Julian
A number of interesting points of discussion in the reported news.
Regarding the para which states:
"The settlement with Sunbelt will bar future violations of the Safeguards Rule and require biannual audits of Sunbelt's information security program by a qualified, independent professional for 10 years. These are the FTC's first cases enforcing the Safeguards Rule."
How does one establish who is considered a 'qualified independent professional' to conduct such audits?
What knowledge is the required security assessor needing to satisfy a 'qualified professional' criteria?
Is there a series of recognised qualifications a person in the US has to have before being considered 'qualified'?
Anyone know?
In the UK or possibly even EEA there appears to be no benchmark for establishing who are categorised as 'qualified independent professionals' to assess Security Quality. If anyone knows different please post.
David Wyatt
----- Original Message -----
From: Julian Curmi
To: [log in to unmask]
Sent: Wednesday, November 24, 2004 8:33 AM
Subject: [data-protection] FTC Alleges Mortgage Companies Violated Gramm-Leach-Bliley Act
fyi - similar in a way to the Cahoot incident - customer information not adequately protected.
--FTC Alleges Mortgage Companies Violated Gramm-Leach-Bliley Act
(17 November 2004)
The Federal Trade Commission has issued an administrative complaint
against one mortgage company and has reached a settlement agreement with
another regarding charges both violated the Gramm-Leach-Bliley Act's
Safeguard Rule. The rule requires financial companies to provide
reasonable protection for customers' personal and financial data.
http://rismedia.com/index.php/article/articleprint/8396/-1/1/
Julian Curmi
Information Security Officer
Bank of Valletta plc
Malta, Europa