Re: CTS: Thief Steals Tax Records

[George Toft <george () myitaz com>]

The FTC clearly calls out tax preparers as being required to comply with 
GLBA (http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm 3rd 
paragraph).  However, in September, 2006, CPA's were able to become 
exempt from the privacy rule of GLBA 
(http://www.icpas.org/icpas/ei/gbarticle.asp).  They are still required 
to comply with the Security Rule, which nobody seems to know about.

CPA's by nature are very tight-fisted with their money, and they see 
this as yet another expense that has no benefit.  "If it's not broke, 
why should I fix it?"

This list's members are very proactive and forward-thinking.  Securing 
information is obvious to us, but eludes others, so they delegate the 
task to "the IT guy" and it's his problem because "he understands that 
stuff."  Problem is, a large percentage of IT Guys I've spoken with are 
clueless about regulatory compliance and the finer art of information 
security.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
623-203-1760

Confidential data protection experts for the financial industry.


James Childers wrote:
> But let me guess what the response was to your ad ... They didn't care
> because it hasn't happened to them yet.  
>
> Apathy coupled with stupidity is a dangerous marriage.
>
> Do small firms have to comply with GLBA or are they exempt?  If so, how
> can they justify non-compliance?
>
> Jim Childers
> iQBio
> www.iqbio.com
> http://databreaches.blogspot.com 
>
> -----Original Message-----
> From: dataloss-bounces () attrition org
> [mailto:dataloss-bounces () attrition org] On Behalf Of George Toft
> Sent: Sunday, February 04, 2007 10:38 AM
> To: blitz
> Cc: dataloss () attrition org
> Subject: Re: [Dataloss] CTS: Thief Steals Tax Records
>
> We tried to alert them all.  We published articles and ads in the 
> Arizona Society of CPA magazine.
>
> George Toft, CISSP, MSIS
> My IT Department
> www.myITaz.com
> 623-203-1760
>
> Confidential data protection experts for the financial industry.
>
>
> blitz wrote:
>
> > So one would/might postulate at this point the thieves are selecting 
> > smaller targets, with less names and info. Especially ones with less 
> > security, and obviously more to loose should they be compromised.
> >
> > */There should be an alert to them all.
> >
> >
> > /*At 23:39 2/3/2007, you wrote:
> >
> >
> > > I would expect to see more of these.  I met an accountant in Phoenix
> > > that had just her hard drives stolen - guess what the thief was
>
> after?
>
> > > This is a sore point for me - we hired a telemarketer to call every
>
> CPA
>
> > > in Phoenix.  There was virtually no interest on the part of the CPA's
>
> to
>
> > > protect their customer's information from this type of event.
> > >
> > > BTW - 800 people for one firm means it's a small firm.
> > >
> > > George Toft, CISSP, MSIS
> > > My IT Department
> > > www.myITaz.com <http://www.myitaz.com/>
> > > 623-203-1760
> > >
> > > Confidential data protection experts for the financial industry.
> > >
> > >
> > > Dissent wrote:
> > >
> > > > http://www.wndu.com/news/headlines/5530966.html
> > > >
> > > > Eight hundred people are in jeopardy of having their credit ruined,
> > > > because thieves in the night stole their personal information from
>
> a
>
> > > > Cassopolis tax preparer.
>
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
> Tracking more than 146 million compromised records in 562 incidents over
> 7 years.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 562 incidents over 7 years.