RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From:
Angie Fares <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Tue, 4 Nov 2008 09:49:29 -0600
 

Monica...

Lots of solutions are available for handling customer data, but how the
data is handled is changing drastically, especially for retailers,
service organizations, and anyone who must handle credit card data.  A
lot of retailers are now changing from storing sensitive information to
only storing a record that the information was verified.  Those who must
store sensitive customer information are resorting to strict access
rules, hashed or encrypted storage solutions that prevent people from
seeing entire credit card numbers or social security numbers, and
redaction.  These solutions are also necessary for backup tapes or other
backup storage devices.

For organizations who handle sensitive customer data, the risks are
great.  Payment Card Industry standards are growing tight and retailers,
in particular, must comply in order to maintain the privilege of being
allowed to accept credit cards as a form of payment.  If you fail your
audit or get breached and are found to have insufficient controls in
your organization to protect data, then Visa/Mastercard/Discover can
yank those privileges.  Here is a link to a simple article that lists
the standards:
http://www.4hoteliers.com/4hots_fshw.php?mwi=2135

In addition to protecting your data, you've got to have a disaster plan
ready to go in the event that you are breached.  Many states have passed
their own version of anti-identity theft laws and, also, breach laws
that require organizations to notify customers if their data has been
breached.  This has led to interesting discussions over who "owns" the
data if you are using it, but not storing it.  

There is a list of state-specific and federal laws on the Iron Mountain
web site if you go to the Secure Destruction web site and register (it
is free).  It is very current and I find this to be a great research
tool.
http://www.ironmountain.com/knowledge/compliance/laws/index.asp

You can also go to several state legislature web sites to find
anti-identity theft laws, but I found this one to be the most helpful.
http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm

This web site is a list of laws that details what each state requires in
the event of a breach.  Might be interesting to do a comparison on
those.
http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm

And also this one for interesting articles on the subject of identity
theft and the protection of customer data.
http://www.ncsl.org/programs/lis/privacy/idt-pubs.htm

Good luck with your assignments.  Let me know if I can be of further
assistance.  Having come from a healthcare, manufacturing, and retail
background, I've had some personal combat experience with just such
issues.

Angie Fares, RHIA, CISA, CRM
Director, Corporate Records & Information
RadioShack Corporation
300 RadioShack Circle, WF4-130
Fort Worth, TX  76102
Phone: 817-415-4925
Fax: 817-415-9742
Email: [log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html