[ Thursday, October 29, 2009 ]
Red Flags and Small Businesses:
To stop ID theft, businesses need to follow the Red Flags Rule. TJMaxx and other high-profile breaches show that. But is it even more important for small businesses to follow the Red Flags Rule? Some say so
Pro: small businesses have less technology, so lower technological defenses against ID theft. They also tend to be more likely to fall victim to social engineering activities. They also can't bear the potential cost of a data breach/ID theft claim, since they have fewer customers to spread that cost/risk over.
Con: they tend to know their customers better and are more likely to ask questions. With fewer customers, they are more likely to notice an abberation, since their customers will fall into a tighter pattern of behavior and account activity. They have less staff to bear the bureaucratic burden of compliance with regulations like the Red Flags Rule.
Arguments both ways.
Jeff [8:54 AM]
Blogger: HIPAA Blog - Edit your Template