Did You Meet the May Date?
Q. What is the compliance date for the Safeguards Rule?
A. By the time you read this column, you should already be in compliance. The purpose of this Federal Trade Commission (FTC) regulation is to protect your customers’ non-published personal information.
To comply with the Safeguards Rule you must:
1. Conduct an FTC legal overview.
2. Convene a risk assessment meeting.
3. Prepare a corporate policy and employee handbook addendum.
4. Complete employee training.
5. Document, document, document.
If you are unable to check off these items, you are not in compliance. If you think this regulation applies to the “other guys” and not to you, you need to think again. The Safeguards Rule applies to every business that obtains non-published, personal information of its customers and clients.
1. Have you conducted your risk assessment meeting with departmental managers?
2. Have you and your team identified the areas of risk?
3. Have you documented the meetings, plans, and actions you have taken?
4. Have you trained employees and conducted a surprise audit of your action plan?
When you review your safeguarding processes, be sure to include computer protocol. Do you have firewalls installed? What operating system are you using?
If you have a windows-based system and use a Microsoft OS, you should have the latest version installed with protected passwords. Set your computers to automatically turn off after a reasonable amount of idle minutes. Monitor who has access to your computers via modems and upgrades. Establish a policy for computer usage. If your employees download games and/or spy ware you need to know that any unauthorized download can contain a virus or give unknown persons access to your system. Safeguarding your customers’ non-published information is not optional. If you need assistance to comply with this regulation, call your Association office or contact Kelly Enterprises’ Safeguards specialist.
RV Executive Today, July 2004, p. 31