Friday, November 20, 2009

Model Privacy Policy issued by the Feds

The FTC and seven other Federal agencies released their model privacy policy, based on interviews with consumers and feedback from all of the agencies involved. Any organization that falls under the regulatory auspices of one of those agencies, or that has GLBA requirements, would be well advised to take this “requirement” into consideration now, before it comes up in an action against the organization and an auditor is asking why it was not taken into account. The introduction from the press release follows, along with a link to the entire release and the template.

From the FTC
Eight federal regulatory agencies today released a final model privacy notice form that will make it easier for consumers to understand how financial institutions collect and share information about consumers. Under the Gramm-Leach-Bliley Act (GLB Act), institutions must notify consumers of their information-sharing practices and inform consumers of their right to opt out of certain sharing practices. The model form issued today can be used by financial institutions to comply with these requirements.

Thursday, November 5, 2009

What if the e-mail says s-i-p-c?

There is a bill pending as part of the Investor Protection Act (section 508) that would require ISPs to block content where scammers are posing as SIPC members. Ask anyone who has tried to block scam e-mails or web sites, and they will tell you long, sad stories about the impracticality of this exercise. And here is a news flash for the House – the e-mails and web sites you are attempting to block do not always clearly state “SIPC member” or “we are a fraudulent site”. They can use any number of tricks to hide the content from scanning, including images that aren’t named “SIPC fraudulent logo.bmp” and HTTPS connections. Judges have already thrown out prior requirements of this type aimed at pornography. What’s next – using a BBB seal without rights? Wouldn’t it be better to solve the broader problem of consumer protection instead of looking at one type of fraud? Last I checked, check fraud was still the most prevalent fraud in America.

Story follows from cnet
http://news.cnet.com/8301-13578_3-10390779-38.html

Tuesday, November 3, 2009

Comcast's Constant Guard

Comcast is set to debut its “Constant Guard” program, which will alert users when Comcast suspects their machine is infected with malware. Apparently they are already doing this via telephone, and want to automate the process through browser notifications. As someone who used to manage IPS, I cannot imagine trying to do this at this scale, but I applaud them for trying it anyway. There are, however, two big issues with this – not to mention the nine others.

1. Privacy – exactly what are they watching here, and what are they sending in the way of interceptions?
2. They are copying what the malware distributors are doing right now with fake A/V solutions that are actually malware, and it is going to be impossible for novice computer users, who apparently got infected in the first place, to know the difference between Comcast and malware.

Story below

http://ca.news.finance.yahoo.com/s/08102009/34/biz-f-business-wire-comcast-unveils-comprehensive-constant-guard-internet-security-program.html