“Standards for Safeguarding Customer Personal Information”
Effective Date: This Rule is effective on June 1, 2005.
As noted in the preamble to the proposed Rule, among the entities that possess or maintain consumer information for a business purpose are consumer reporting agencies, as well as lenders, insurers, employers, landlords, government agencies, mortgage brokers, automobile dealers, and other users of consumer reports.
The Commission also noted that “reasonable measures” are very likely to require elements such as the establishment of policies and procedures governing disposal, as well as appropriate employee training.
“Standards for Safeguarding Customer Financial Information”
EFFECTIVE DATE: This Rule is effective on May 23, 2003.
The Commission requires businesses to establish standards relating to administrative, technical and physical information safeguards. As required by section 501(b), the standards are intended to: Ensure the security and confidentiality of customer records and information; protect against any anticipated threats or hazards to the security or integrity of such records; and protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer.
“Standards for Safeguarding HIPAA”
EFFECTIVE DATE: This Rule is effective in January 2013.
In January 2013, the Department of Health and Human Services announced the Omnibus HIPAA Privacy and Security Rule. This Rule modifies the Privacy and Security Rules and implements statutory amendments outlined in the HITECH Act of 2009. It strengthens the Privacy and Security protection for individuals’ health information and for their genetic information, and it modifies the Breach Notification Rule.
“Enforcement Policy for Complying with Privacy Laws”
Summary: “Identity Theft Red Flags Rule”
EFFECTIVE DATE: This Rule is effective on December 31, 2010.
The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) have issued regulations (the Red Flags Rules) requiring companies that collect, maintain, and discard financial information to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003.