[Dataloss] CTS: Thief Steals Tax Records

George Toft george at myitaz.com
Sun Feb 4 16:45:12 EST 2007


The FTC clearly calls out tax preparers as being required to comply with 
GLBA (http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm 3rd 
paragraph).  However, in September, 2006, CPA's were able to become 
exempt from the privacy rule of GLBA 
(http://www.icpas.org/icpas/ei/gbarticle.asp).  They are still required 
to comply with the Security Rule, which nobody seems to know about.

CPA's by nature are very tight-fisted with their money, and they see 
this as yet another expense that has no benefit.  "If it's not broke, 
why should I fix it?"

This list's members are very proactive and forward-thinking.  Securing 
information is obvious to us, but eludes others, so they delegate the 
task to "the IT guy" and it's his problem because "he understands that 
stuff."  Problem is, a large percentage of IT Guys I've spoken with are 
clueless about regulatory compliance and the finer art of information 
security.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
623-203-1760

Confidential data protection experts for the financial industry.


James Childers wrote:
> But let me guess what the response was to your ad ... They didn't care
> because it hasn't happened to them yet.  
> 
> Apathy coupled with stupidity is a dangerous marriage.
> 
> Do small firms have to comply with GLBA or are they exempt?  If so, how
> can they justify non-compliance?
> 
> Jim Childers
> iQBio
> www.iqbio.com
> http://databreaches.blogspot.com 
> 
> -----Original Message-----
> From: dataloss-bounces at attrition.org
> [mailto:dataloss-bounces at attrition.org] On Behalf Of George Toft
> Sent: Sunday, February 04, 2007 10:38 AM
> To: blitz
> Cc: dataloss at attrition.org
> Subject: Re: [Dataloss] CTS: Thief Steals Tax Records
> 
> We tried to alert them all.  We published articles and ads in the 
> Arizona Society of CPA magazine.
> 
> George Toft, CISSP, MSIS
> My IT Department
> www.myITaz.com
> 623-203-1760
> 
> Confidential data protection experts for the financial industry.
> 
> 
> blitz wrote:
> 
>>So one would/might postulate at this point the thieves are selecting 
>>smaller targets, with less names and info. Especially ones with less 
>>security, and obviously more to loose should they be compromised.
>>
>>*/There should be an alert to them all.
>>
>>
>>/*At 23:39 2/3/2007, you wrote:
>>
>>
>>>I would expect to see more of these.  I met an accountant in Phoenix
>>>that had just her hard drives stolen - guess what the thief was
> 
> after?
> 
>>>This is a sore point for me - we hired a telemarketer to call every
> 
> CPA
> 
>>>in Phoenix.  There was virtually no interest on the part of the CPA's
> 
> to
> 
>>>protect their customer's information from this type of event.
>>>
>>>BTW - 800 people for one firm means it's a small firm.
>>>
>>>George Toft, CISSP, MSIS
>>>My IT Department
>>>www.myITaz.com <http://www.myitaz.com/>
>>>623-203-1760
>>>
>>>Confidential data protection experts for the financial industry.
>>>
>>>
>>>Dissent wrote:
>>>
>>>>http://www.wndu.com/news/headlines/5530966.html
>>>>
>>>>Eight hundred people are in jeopardy of having their credit ruined,
>>>>because thieves in the night stole their personal information from
> 
> a
> 
>>>>Cassopolis tax preparer.
> 
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 146 million compromised records in 562 incidents over
> 7 years.
> 
> 
> 


More information about the Dataloss mailing list