The bMighty Blog -- Storage

We posted an article on "Storage Smarts" last week which examined various data storage options -- one of which is outsourcing your data storage. One of our readers, though, pointed out that there are liability issues that smaller businesses need to be aware of if they choose that option. We are listening.

Deb Berchem is the virtual office manager for Biewer & Associates, certified identity theft risk management specialists. (Bercham says she is working on getting her certification.)

Berchem points out that if smaller businesses outsource their data storage they are still liable for the protection of that data, especially with recent legislation.

She writes that with outsourced data, "you have passed on the headaches to some extent, but really in essence you have inherited more problems, as of November 1st 2008 you will be held accountable for all your data and your liability follows your data. You need to be sure that the businesses that you partner with are in compliance with the new Red Flag Rules, and not just partially, but fully compliant."

The Red Flag Rules were passed to minimize incidents of identity theft and fraud. The Federal Trade Commission issued its Red Flag Rules last October and the release indicated that "final rules are effective on January 1, 2008. Covered financial institutions and creditors must comply with the rules by November 1, 2008."

Berchem notes that it's a "common misconception that the Red Flag Rules from the Federal Trade Commission only applies to financial institutions." Far from it, she notes. "It deals with all areas of business, how you maintain, gather, and disseminate that information is all liable to get a business in HOT water, both criminal as well as civil penalties are in place for enforcement."

But IT guys can take some comfort as she adds: "The best part about this, it is no longer just the IT departments' problem, the penalties are looking at the CEO’s and Boards of Directors to make sure that their business is following these rules."

Berchem recommends that readers concerned with compliance check out ID Theft 101, a site that addresses many of these concerns.

Her final note: "I am not sure why this has not been more in the news for businesses, the IT and HR Departments have in the past rarely passed on the information claiming “not my problem” and with their being a new Data Breach in the news nearly everyday, I personally would think that CEO’s would be waking up, but so far they have their heads in the sand believing that they don’t have to deal with it since they have an IT department, or a Security officer, that person is only responsible for things that have been passed by the CEO’s and Boards for implementation."

And, she adds: "Remember, 'ignorance of the law is no defense' when dealing with the Red Flag Rules."

Are you aware of the Red Flag Rules? How have they impacted what you do with your business' data? Let us know in the comments.

Spotlight on Solutions

(Sponsored By Cisco)