ANSWER: FACTA is an acronym known as the "Fair and Accurate Transactions Act" of 2003 and enforced by the Federal Trade Commission (FTC).
QUESTION:Why was this law implemented?
ANSWER: The law was passed by the U.S. Congress and signed into law by President Bush on December 4, 2003 as one of the first steps in addressing the growing problem of identity theft.
QUESTION:Are there more provisions to this law?
ANSWER: Yes! There are many provisions of the law that have been phased into law over the past few years.
QUESTION:What are the provisions that effect my organization?
ANSWER:FINES & LAW SUITS. On June 1, 2005 one of the most significant provisions of FACTA went into effect. This provision impacts any employer / company (regardless of size) / profit / non-profit that collects personal information to include: social security numbers; personal addresses; drivers license numbers; credit/debit card information; pass codes; access codes; business partners and contractors information, patient and/or students personal information.
Infractions and security breaches can result in fines by the U.S. federal government, state governments, and law suits in U.S. courts if the personal information is lost through the actions or inactions of the employer/company.
If personal information falls into the wrong hands, the individual's (customer or employee) identity is at risk! Therefore, the organization's bottom line is at risk!
WHAT IS YOUR ORGANIZATION'S RISK?
ANSWER: The Federal Trade Commission's study on Identity Theft ranks "Employer Records and the Work Place" as the number one source of Identity Theft.
QUESTION: Does the risk apply to my small organization with one employee?
ANSWER: YES! FACTA regulations apply to all organizations, regardless of size and number of employees, that have accounts for which there is a "foreseeable risk" of identity theft. The risk is expanded to all organizations that maintains employee and consumer information for a business purpose "regardless of size"!
WHY IS MY ORGANIZATION A POTENTIAL TARGET OF IDENTITY THEFT? Because all organizations in any industry, public or private, profit or non-profit, are not immune to hackers worldwide, data breaches, security intrusions, information thefts of information on employees, customers, patients, and business partners.
IS THERE A CERTAIN INDUSTRY VICTIMED BY IDENTITY THEFT? NO! The identity theft problem crosses all lines from commercial to government industries, from profit to non-profit organizations, from schools to religious institutions.
HOW LARGE IS THE IDENTITY THEFT PROBLEM? A report by the Texas Business Today reported that approximately 44 million Americans have become a victim of Identity Theft and each theft costing an average of 600 hours of resolution and $1,495.00 in cost fighting the Identity Theft and straightening out the information breach.
WHAT IS MY ORGANIZATIONS SOLUTION?
ANSWER: The FTC requires companies/industries to develop and implement a "Reasonable Information Security Program" to protect its employees, customers, patients, students, and business partners personal information from data theft.
WHAT IF WE FAIL TO IMPLEMENT SOLUTIONS? Failure to develop and implement a "Personal Information Security Program" constitutes an unfair trade practice and the organization is subject to Fines and possible Law Suits if a data breach occurs.
WHAT DO WE DO NOW?
A REASONABLE SECURITY PROGRAM WILL HELP TO REDUCE GOVERNMENTAL ENFORCEMENT ACTIONS CAUSED FROM A SECURITY BREACH.
THE FOLLOWING FIVE (5) STEPS CAN ASSIST YOUR ORGANIZATION IN "DEMONSTRATING" TO THE FTC THAT YOU ARE IMPLEMENTING A "REASONABLE SECURITY PROGRAM" MANDATED BY THE FTC.
The Security Logistics Team will assist you and your organization with these 5 steps outlined below at No Cost To Your Organization:
1. Allow the Security Logistics Team to assist your organization to develop and implement your security plan as outlined and mandated by the FTC. Your organizational security plan will help to minimize your exposure to risks and liabilities caused by a security breach of one of your employees and/or customers "non public personal information".
2. Allow the Security Logistics Team to assist your organization in appointing a "Security Officer" to be responsible for monitoring your organizational security plan.
3. Allow the Security Logistics Team to assist your organization in completing the necessary documents needed to implement an information security plan.
4. Allow the Security Logistics Team to conduct mandatory employee training to educate your employees in the responsibility required by them in processing and handling non public personal information of fellow employees, customers and vendors. Upon completion of mandatory employee training, the Security Logistics Team will ensure that all employees sign a document that validates their attendance of the mandatory training. The validation of attendance documents will be placed in each employee personnel file as part of your organizations "reasonable security program".
5. Allow the Security Logistics Team to offer an Identity Theft Restoration Plan during the mandatory employee training. The Plan will offer one solution in protecting the employees from risks and costs associated with Identity Theft. The plan includes: an up to date credit report; continuous monitoring; fraud alerts; and identity restoration by licensed investigators in conjunction with top rated attorneys. This Plan is a "Total Identity Restoration Plan" offered by two 30 year NYSE companies.
The Total Identity Restoration Plan will be offered to your employees as a voluntary payroll deduction program. The Plan covers the employee and their family at a discounted employee rate. Most importantly, the Plan mitigates financial damages to employees and their organizations associated with identity theft by minimizing the employees "out of pocket expense" associated with legal fees and time off from work incurred in the restoration of their identity.
The employee is required to sign a form documenting that they have been offered the Plan and have either accepted or rejected the Identity Theft Plan as an employee benefit offered by your organization. This document will be placed in their employee personnel file and serves as validation that your organization has offered a Plan to help protect your employees from Identity Theft as part of the organizational "reasonable security plan".