[Dataloss] CTS: Thief Steals Tax Records
George Toft
george at myitaz.com
Sun Feb 4 16:45:12 EST 2007
The FTC clearly calls out tax preparers as being required to comply with
GLBA (http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm 3rd
paragraph). However, in September, 2006, CPA's were able to become
exempt from the privacy rule of GLBA
(http://www.icpas.org/icpas/ei/gbarticle.asp). They are still required
to comply with the Security Rule, which nobody seems to know about.
CPA's by nature are very tight-fisted with their money, and they see
this as yet another expense that has no benefit. "If it's not broke,
why should I fix it?"
This list's members are very proactive and forward-thinking. Securing
information is obvious to us, but eludes others, so they delegate the
task to "the IT guy" and it's his problem because "he understands that
stuff." Problem is, a large percentage of IT Guys I've spoken with are
clueless about regulatory compliance and the finer art of information
security.
George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
623-203-1760
Confidential data protection experts for the financial industry.
James Childers wrote:
> But let me guess what the response was to your ad ... They didn't care
> because it hasn't happened to them yet.
>
> Apathy coupled with stupidity is a dangerous marriage.
>
> Do small firms have to comply with GLBA or are they exempt? If so, how
> can they justify non-compliance?
>
> Jim Childers
> iQBio
> www.iqbio.com
> http://databreaches.blogspot.com
>
> -----Original Message-----
> From: dataloss-bounces at attrition.org
> [mailto:dataloss-bounces at attrition.org] On Behalf Of George Toft
> Sent: Sunday, February 04, 2007 10:38 AM
> To: blitz
> Cc: dataloss at attrition.org
> Subject: Re: [Dataloss] CTS: Thief Steals Tax Records
>
> We tried to alert them all. We published articles and ads in the
> Arizona Society of CPA magazine.
>
> George Toft, CISSP, MSIS
> My IT Department
> www.myITaz.com
> 623-203-1760
>
> Confidential data protection experts for the financial industry.
>
>
> blitz wrote:
>
>>So one would/might postulate at this point the thieves are selecting
>>smaller targets, with less names and info. Especially ones with less
>>security, and obviously more to loose should they be compromised.
>>
>>*/There should be an alert to them all.
>>
>>
>>/*At 23:39 2/3/2007, you wrote:
>>
>>
>>>I would expect to see more of these. I met an accountant in Phoenix
>>>that had just her hard drives stolen - guess what the thief was
>
> after?
>
>>>This is a sore point for me - we hired a telemarketer to call every
>
> CPA
>
>>>in Phoenix. There was virtually no interest on the part of the CPA's
>
> to
>
>>>protect their customer's information from this type of event.
>>>
>>>BTW - 800 people for one firm means it's a small firm.
>>>
>>>George Toft, CISSP, MSIS
>>>My IT Department
>>>www.myITaz.com <http://www.myitaz.com/>
>>>623-203-1760
>>>
>>>Confidential data protection experts for the financial industry.
>>>
>>>
>>>Dissent wrote:
>>>
>>>>http://www.wndu.com/news/headlines/5530966.html
>>>>
>>>>Eight hundred people are in jeopardy of having their credit ruined,
>>>>because thieves in the night stole their personal information from
>
> a
>
>>>>Cassopolis tax preparer.
>
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 146 million compromised records in 562 incidents over
> 7 years.
>
>
>
More information about the Dataloss
mailing list