It is not often that we come across something that just does not seem possible. Yesterday was one of those days, when the FTC announced that it is working with copy machine manufacturers to either end or severely restrict the existing practice of storing digital images captured on photocopiers. The FTC’s response was in reaction to a letter from Representative Ed Markey (D-MA) after seeing a CBS report last month on the issue.
Continue Reading FTC Concerned About Retention of Scans on Copy Machines

CBS 3 in Philadelphia reported last night about local resident Al Butler, whose identity was stolen for use on international dating sites. As reported, criminals would create an account on international dating sites, post images of Mr. Butler taken from social media sites frequented by Mr. Butler, and pass themselves off as Mr. Butler. The “scam” would come when Fake Al Butler would ask for money from women he met on the dating site.
Continue Reading Privacy Invasion: Personal Images Posted Online Stolen for Identity Theft

The Office of Consumer Affairs and Business Regulations (OCABR) proposed revisions to the Massachusetts’ identity theft regulations, which would take effect on March 1, 2010. Citing a desire to undertake data security as “a risk-based approach that is especially important to small businesses that may not handle a lot of personal information about customers,” the OCABR emphasized that a business should assess the size and nature of the business, the kinds of records maintained and the risk of the business as an identity theft target when deciding its policies and procedures to handle personal information.
Continue Reading Identity Theft Regulations in Massachusetts May Get Small Business Friendly

UPDATE: Whether it is because of the economy, or a fear that the Red Flags Rules affects far more retailers than may be understood, the FTC has granted a further delay of enforcement of the Red Flags Rules until August 1, 2009.  Additionally, the FTC will issue a template for lower risk covered entities.  The most recent update can be read here.

This time, nobody can accuse the Federal Trade Commission (“FTC”) and other agencies of implementing new requirements that sneak up on us. These particular regulations (the “Red Flags Rules”), which require that financial institutions and creditors develop and implement written identity theft prevention programs, were issued by the FTC, the federal bank regulatory agencies and the National Credit Union Administration ("NCUA"), as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003 go into effect on August 1, 2009. Originally, the Red Flag Rules would have taken effect on November 1, 2008, which was then extended to May 1, 2009.

The Red Flags Rules require that a program be put in place by financial institutions and creditors that provides for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags.” The purpose of the Red Flags Rules is to help avoid identity theft.

Continue Reading Red Flags Rules Further Delayed, Now Go Into Effect August 1, 2009