[Dataloss] CTS: Thief Steals Tax Records
lyger
lyger at attrition.org
Sun Feb 4 17:08:55 EST 2007

Since I almost never get to jump into these discussions, please allow me
to retort.

I find a couple of the comments below to be somewhat stereotypical. "IT
guys" are generally considered to be "geeks" and nothing more, even if
they have years of experience in fields that have to deal with regulatory
compliance issues on a daily basis. Some "IT guys" are absolutely capable
of making business decisions, especially when the decision in question
concerns protecting their company from bad choices made by the "business
leaders" who fail to understand the basics of risk assessment and risk
management, specifically those that deal with the loss of client,
customer, or employee information.

While it may be true that "a large percentage of IT guys" aren't as versed
in regulatory compliance as their "business leader" counterparts, the same
can be said for the "business leaders" who aren't concerned with the
impact a data breach can have on their company and fail to enable their
"IT guys" to provide valuable input into the decision-making process.

Just my opinion.

Lyger

On Sun, 4 Feb 2007, James Childers wrote:
": " An absolute recipe for disaster is when you let the I.T. "guys" make
": " business decisions.
": "
": " Thanks for the info.
": "
": " James Childers
": " http://www.iqbio.com
": " http://www.clipbio.com
": "
": " -----Original Message-----
": " From: George Toft [mailto:george at myitaz.com]
": " Sent: Sunday, February 04, 2007 1:45 PM
": " To: James Childers
": " Cc: blitz; dataloss at attrition.org
": " Subject: Re: [Dataloss] CTS: Thief Steals Tax Records
": "
": " The FTC clearly calls out tax preparers as being required to comply with
": " GLBA (http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm 3rd
": " paragraph). However, in September, 2006, CPA's were able to become
": " exempt from the privacy rule of GLBA
": " (http://www.icpas.org/icpas/ei/gbarticle.asp). They are still required
": " to comply with the Security Rule, which nobody seems to know about.
": "
": " CPA's by nature are very tight-fisted with their money, and they see
": " this as yet another expense that has no benefit. "If it's not broke,
": " why should I fix it?"
": "
": " This list's members are very proactive and forward-thinking. Securing
": " information is obvious to us, but eludes others, so they delegate the
": " task to "the IT guy" and it's his problem because "he understands that
": " stuff." Problem is, a large percentage of IT Guys I've spoken with are
": " clueless about regulatory compliance and the finer art of information
": " security.
": "
": " George Toft, CISSP, MSIS
": " My IT Department
": " www.myITaz.com