IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 2

Settled Identity Theft Complaints with the FTC

January 31st, 2008 · No Comments

A constant challenge for organizations is measuring the potential impact and consequences of mandated regulations. The weighting of compliance initiatives based on such consequences is not best practice, but is common. The need to demonstrate a true cost benefit analysis is dependent upon, in part, to the actual follow through and enforcement of requirements by regulatory bodies. Therefore, when I come across specific examples where regulations have been enforced, and the market is provided with transparent understanding as to the weaknesses and corrections I like to make them known. I certainly do not believe or endorse a FUD approach to seeking an optimal posture of compliance and operations, but to ignore these impacts is also inappropriate.

Past research I conducted focused on the Federal Trade Commission’s efforts to communicate identity theft and fraud. During that effort I found a speech (and another, and another) that identified the following companies that were identified as having weaknesses and made corrective actions. These are based on the FTC’s mandate to prevent deceptive business practices. The full text of the speech is available here, and is a great read to understand the FTC role in Identity protections. In addition, a publication from The Center for Information Policy Leadership entitled: “A Business Guide: Meeting Your Legal and Business Obligations to Safeguard Personal Information” is also helpful, but given a limitation of time I would recommend the FTC speech as they are the authoritative body.

Businesses and Docket References:

  1. Petco Animal Supplies, Inc. (Docket No. C-4133)
  2. MTS Inc., doing business as Tower Records, Tower Books, or Tower Video (Docket No. C-4110)
  3. Guess?, Inc. (Docket No. C-4091)
  4. Microsoft Corp. (Docket No. C-4069)
  5. Eli Lilly (Docket No. C-4047)


James DeLuccia

Tags: FTC · GLBA · Identity Theft · Risk Awareness · Technology Intelligence · Technology Strategy Orchestration

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment