<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Arial;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 77.95pt 1.0in 77.95pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1027" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Training
new employees is important. They are a strange breed; not just your first
line of defense against fraud but they are also the most likely person to steal
the information that they have legitimate access to. Too often good employees
see problems and potential holes in their organizations information security
policy but do not know how or if they should bring them up to senior management.
Education is necessary to combat fraud and identity theft but any company will need
the buy in from senior management for any policy to be effective. The Red
Flag Rule states that the policy must be administered by a board of directors,
or in the case of smaller entities that may not have a board of directors, a
member of senior management. Together proper education of all employees
and senior management driving the operational and cultural changes necessary to
implement a formal red flag policy is a step in the right direction.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>What is
equally important and something I did not notice in the referenced document is
the vendor integrity requirement of the law. A covered entity must
ensure not only its own compliance, but also must consider the information
security posture of any vendor, supplier or third party provider with whom it exchanges
sensitive data or whom has access to sensitive data. All too often we
hear about a loss of data where a third party vendor mishandled a consumer’s
PII. It is apparent in today’s world that organizations need to
train their employees regularly and have senior management coordinate the cultural
and operational changes but it is equally important to know that vendors and
suppliers are doing the same. If your organization does everything
properly and one vendor or supplier does not share the same kind of reverence
for protecting PII your company is still at risk. <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<div>
<div>
<p class=MsoNormal><em><b><i><font size=4 color="#333333" face=Arial><span
style='font-size:14.0pt;font-family:Arial;color:#333333;font-weight:bold;
font-style:normal'>Derek Rigsby</span></font></i></b></em><i><font size=4
color="#333333"><span style='font-size:14.0pt;color:#333333;font-style:italic'><o:p></o:p></span></font></i></p>
<p class=MsoNormal><strong><b><font size=2 color="#333333" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#333333'>Vice President</span></font></b></strong><font
size=3 color="#333333" face="Times New Roman"><span style='font-size:12.0pt;
font-family:"Times New Roman";color:#333333'><o:p></o:p></span></font></p>
<p class=MsoNormal><strong><b><font size=2 color="#333333" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#333333'>Product Development</span></font></b></strong><strong><b><font
face=Arial><span style='font-family:Arial'><o:p></o:p></span></font></b></strong></p>
<p class=MsoNormal><strong><b><font size=2 color=red face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:red'>id</span></font></b></strong><strong><b><font
face=Arial><span style='font-family:Arial'>BUSINESS /<font color=red><span
style='color:red'> id</span></font>CURE</span></font></b></strong><font size=3
color=red face="Times New Roman"><span style='font-size:12.0pt;font-family:
"Times New Roman";color:red'><o:p></o:p></span></font></p>
<p class=MsoNormal><U1:PLACE w:st="on"><U1:CITY w:st="on"><st1:place w:st="on"><st1:City
w:st="on"><strong><b><font size=2 color="#333333" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#333333'>Denver</span></font></b></strong></st1:City></st1:place><strong><b><font
color="#333333" face=Arial><span style='font-family:Arial;color:#333333'></U1:CITY>,
<U1:STATE w:st="on"><st1:State w:st="on">Colorado</U1:STATE></st1:State> </span></font></b></strong><font
color="#333333"><span style='color:#333333'><o:p></o:p></span></font></p>
<p class=MsoNormal><strong><b><font size=2 color="#333333" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#333333'>720.278.0756 - <U1:CITY w:st="on"><U1:PLACE w:st="on"><st1:place
w:st="on"><st1:City w:st="on">Mobile</U1:PLACE></U1:CITY></st1:City></st1:place></span></font></b></strong><font
color="#333333"><span style='color:#333333'><o:p></o:p></span></font></p>
<p class=MsoNormal><st1:PersonName w:st="on"><strong><b><font size=2
color="#333333" face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:#333333'>Derek.Rigsby@idCURE.com</span></font></b></strong></st1:PersonName><font
color="#333333"><span style='color:#333333'><a
href="https://secureidcure.myhsphere.biz/../index.cfm"></a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
</div>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><font
size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
</div>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><U1:P></U1:P>-----Original Message-----<br>
From: dataloss-bounces@attrition.org [mailto:dataloss-bounces@attrition.org] On
Behalf Of <st1:PersonName w:st="on">Michael Hill, CITRMS</st1:PersonName><br>
Sent: Thursday, September 04, 2008 11:03 AM<br>
To: Henry Brown; <st1:PersonName w:st="on">dataloss@attrition.org</st1:PersonName><br>
Subject: Re: [Dataloss] fringe Federal law and ID theft prevention</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I want to add one thing to this very informative article from Jones Day
<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>written by Kevin Sykes that I believe is an important part of the <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>administering of the "Identity Theft Prevention" program
under the Red Flag <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Rules. As a consultant who has assisted many companies in their
ID Theft <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>program, training their employees on the program and the reality of
identity <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>theft is an absolute must for all businesses. I think its .90(e)
in the <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>rules.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>We read article after article on this webboard about data breaches and
the <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>loss of PII and it seems the human element plays a VERY big part.
To not <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>train ALL your employees, I think would be leaving your business open
to <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>even more liability. Yes, even the warehouse personnel as well.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Michael Hill<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Certified Identity Theft Risk Management Specialist<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>404-216-3751<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>www.idtheft101.net<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>