The deadline for compliance with 12 CFR part 717 is November 1, 2008.
A very good client of mine brought this to my attention recently. I see very little forward momentum within my clients in terms of implementing solutions that satisfy compliance requirements. The following is a passage taken from www.thefederalregister.com:
Section .90(b)(9) Red Flag. The proposed regulations defined “Red Flag” as a pattern, practice, or specific activity that indicates the possible risk of identity theft. The preamble to the proposed rules explained that indicators of a “possible risk” of identity theft would include precursors to identity theft such as phishing, and security breaches involving the theft of personal information, which often are a means to acquire the information of another person for use in committing identity theft. The preamble explained that the Agencies included such precursors to identity theft as “Red Flags” to better position financial institutions and creditors to stop identity theft at its inception.
As I mentioned in a previous posting, e-mail encryption solutions will suffice. The solution needs to incorporate the following components:
- Be located at the network’s choke point.
- Be able to integrate with identity sources within the credit union via a tap.
- Have a financial lexicon engine that automatically blocks and/or encrypts sensitive personally identifiable information.
- Have the ability to discriminate between a social security number in context and a random set of numbers.
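The last requirement, telling a social security number in context from a random set of numbers, can be sketched as follows. This is an added example, not code from any product discussed here; the keyword lexicon, the 40-character window and the encrypt/review/deliver labels are assumptions, and the sample messages are constructed.

```python
import re

# SSN-shaped candidate: 9 digits, bare or split 3-2-4 by one consistent separator.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")
# Assumed minimal context lexicon; a deployed filter would carry a tuned list.
CONTEXT_RE = re.compile(r"\b(?:ssn|social\s+security|taxpayer\s+id)\b", re.I)
WINDOW = 40  # characters on each side of a candidate searched for context terms

def structurally_valid(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def find_ssns(text):
    """Return SSN-shaped hits, each with a confidence derived from context."""
    hits = []
    for m in SSN_RE.finditer(text):
        area, sep, group, serial = m.groups()
        if not structurally_valid(area, group, serial):
            continue
        nearby = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
        if CONTEXT_RE.search(nearby):
            level = "high"      # number sits next to an SSN keyword
        elif sep:
            level = "medium"    # 3-2-4 layout but no keyword nearby
        else:
            continue            # bare 9-digit run with no context: ignore
        hits.append({"match": m.group(0), "confidence": level})
    return hits

def policy_action(text):
    """Map hits to an assumed gateway decision: encrypt, review or deliver."""
    levels = {h["confidence"] for h in find_ssns(text)}
    if "high" in levels:
        return "encrypt"
    return "review" if "medium" in levels else "deliver"

# Constructed sample messages (not real data).
SAMPLES = [
    "Member SSN: 123-45-6789, please update the file.",
    "Wire confirmation number 482915736 for invoice 7731.",
    "Ref 219-09-9999 attached.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(policy_action(s), "<-", s)
```

The structural check removes digit runs that can never be an issued number, and the context window is what keeps a bare nine-digit confirmation or account number from triggering the filter.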
Believe me, not all solutions are created equal. I have seen several solutions, and I love one of them, but I have also seen others fail.
If there is enough interest, I will delve into product specifics, but for now I will let my comments above stand.