I was talking to a business owner / friend the other day and he was showing me a concept for a website that he had been working on for the last year or so. However, before he showed me any specifics about the website and any of the particulars he wanted me to sign a confidentiality agreement. I read and signed the agreement. He then started to explain what he was trying to accomplish with the site on how it was going to be maintained, marketed and the revenue side of his campaign. The reason he wanted to show me his project is that he wanted relevant businesses to be associated with his project. The more I sat and listened the more I was convinced that this project of his had the potential of really doing well in the Internet Arena.
What I'm getting at is that my friend had the intellect and understanding to "protect" his idea and investments from being stolen from people by having them sign a confidentiality statement before he released any information. When it comes to opening or running a business I think you'll agree there are no shortages of regulations that are set forth by Federal and local governments to operate. Having said that I have to admit one of the best ones to come out in recent years is the "Red Flag Rule" which addresses Identity Theft in the workplace. I'm not a big fan of regulations myself but this is one all businesses can live with and adhere to with astounding ease. And if you're not familiar with this regulation don't feel bad. In my experience in this field I would estimate that over 85% of the companies and businesses that I come in contact with have either never heard of the law or have not implemented it. And what's surprising to me is that, even though this regulation is required by law, business owners are reluctant to put it into place.
Let's take a quick look at this regulation. There are several identity theft laws that deal with workplace identity theft protection but they all pretty much point in the same direction.
1) Have a security policy in place that addresses the company's security issues. Writing one of these from scratch can be time-consuming and cumbersome if you don't know what to look for. What I offer to my clients is a template to help speed up the process and to assist in focusing on the problem areas. I have taken the most difficult part of the equation and turned it into a task which takes minutes to complete.
2) Appoint a Security Officer to oversee the implementation of the Company's Security Policy and to update the policy when needed.
3) Your employees need to be trained on how they handle non-public information and have them sign a confidentiality agreement. Not only is this is the easiest part of the whole arrangement in my mind, it is the most critical because it ties all three components together to create a "Culture of Security" in your workplace.
This law makes sense in the aspect that all employees are on the same page when it comes to non-personal information and how it is handled. With more than half of the identity theft here in the U.S occurring in the workplace and the amount of the fines that are associated with a breach of information this regulation just makes sense to a company's bottom line.
0 comments:
Post a Comment