RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
Records Management Program <[log in to unmask]>
Subject:
Re: Accountability from those who handle financial records
From:
"Allen, Doug" <[log in to unmask]>
Date:
Mon, 9 May 2005 12:19:58 -0400
Content-Type:
text/plain
MIME-Version:
1.0
Reply-To:
Records Management Program <[log in to unmask]>
Parts/Attachments:
text/plain (165 lines) 
There are some significant activities underway in a somewhat related group,
referred to as PRIA (the Property Records Industry Association).  The
members of that group recognize the sensitivity of privacy issues, but those
who are County Clerks / County Recorders / and Registers of Deed are charged
with the responsibility of providing unfettered access to records that have
been filed in their offices (whether or not those contain social security,
drivers license, or other numbers), and are not permitted to alter those
records.

Interestingly, the State of Florida was at the forefront of requiring that
public records be made available on the Internet, and is now also at the
forefront of requiring the "redaction" of personal information from records
that were filed in the past.  That's a very costly process, and isn't
something that is readily accomplished in an automated fashion, but shows
some leadership in the protection of personal information.

Douglas P. Allen, CRM, CDIA+

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf
Of Jones, Virginia
Sent: Monday, May 09, 2005 11:03 AM
To: [log in to unmask]
Subject: Re: Accountability from those who handle financial records

<By the way, for those who are concerned, have you noted that there is
public information, available on the web, that sometimes includes social
security numbers?.... That would include court record filings (especially in
the case of child support orders), and property record transactions, where
those preparing the documents have sometimes included SSN's?>

And yet the U.S. Privacy Act and many state Acts have been revised to
prevent this.  As RIM practioners we have to make sure our organizations are
in compliance with any data protection or personal privacy laws and
regulations AND as citizens we have to make sure our personal information is
handled in accordance with the laws and regulations.


Ginny Jones
(Virginia A. Jones, CRM)
Records Manager
Information Technology Division
Newport News Dept. of Public Utilities
Newport News, VA
[log in to unmask]

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf
Of Allen, Doug
Sent: Monday, May 09, 2005 11:49 AM
To: [log in to unmask]
Subject: Re: Accountability from those who handle financial records

The privacy issues and notification issues indicate a couple things to me,
including the following:

(1) This is an obvious area where there will need to be additional law
enforcement resources applied, and...
(2) It would make sense for those of us who are on this list, and thus
better informed than many others to take steps to secure our own credit....
There are services that can help us, and there are steps that we can each
take with credit reporting organizations to ensure that we not become
"victims".

As much as I might like to place the blame on the organizations charged with
protecting this information.....and, certainly they can now do a better
job..... Protecting my credit remains fundamentally my responsibility.

By the way, for those who are concerned, have you noted that there is public
information, available on the web, that sometimes includes social security
numbers?.... That would include court record filings (especially in the case
of child support orders), and property record transactions, where those
preparing the documents have sometimes included SSN's?

Douglas P. Allen, CRM, CDIA+

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf
Of Hugh Smith
Sent: Monday, May 09, 2005 10:37 AM
To: [log in to unmask]
Subject: Re: Accountability from those who handle financial records

On May 8, 2005, at 12:03 AM, Automatic digest processor wrote:

> Sorry Hugh but several of these were asked by law enforcement agencies

> to NOT reveal the breach. California Cyber Security requires companies

> to reveal security breaches immediately UNLESS law enforcement says
> don't
>
> pak
> --
> Peter Kurilecz
> Richmond, Va
>

.............and, in the meantime, the interests of the citizen are
trampled.  Our credit information is exposed and we are left in the dark.
The cyber thief or those who specialize in Identity Theft is given exactly
what he or she wants, which is time to pilfer accounts or create identities
with no awareness by the individual that such a theft of their information
is made known.

If the information contained is about my family and your family, then we
should be made aware at the same time the bank is aware.  Whether they
announce it in the newspaper or CNN is another issue.  If someone breaks
into your house, and steals my car out of your garage, shouldn't the police
notify both of us? We are both victims.

The question is: who is really the owner of the information?  If they have
my SSN, my bank account information, my credit card information and that
information can hurt me then I should be made aware.  Especially since the
banks pushed through legislation about bankruptcy, any risk exposure they
create is now even more dangerous.

But if these thefts can be hidden from the victims by law enforcement, does
this create more or less liability for the bank?  Can they hide behind the
"We couldn't tell you of your exposure because the police (or
FBI) asked us not to."  I think a responsible Bank would have said "We have
a responsibility to our depositors and credit card holders to alert them to
their exposure."

This is why I bank with a locally owned bank.  If something would happen, my
personal bank officer would call me and alert me to the risk.
They would not view this the same way a big conglomerate would.  They would
look at the effect this would have on their local businesses and neighbors.

So again, it is about Accountability from those who handle our financial
records.  Failure to disclose to their clients for so many weeks is an error
in judgment in my opinion.

It is ironic that we worry so much about the Patriot Act violating our
personal rights by gathering information about us without our consent but
myriad banks have financial information on us.

Choice Point and many other credit reporting companies  may have our
financial information and we have never given them permission to gather and
accumulate it. And if they lose it, they along with the police may decide we
don't have a right to reasonable notification to act to protect ourselves.

> Sorry Hugh

I am really sorry that this legislation was written with a caveat that helps
protect the bank while it tramples on our rights.

Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2