Strategic Information Resources is dedicated to data security and to protecting private consumer information. Businesses that obtain and utilize confidential consumer information, have contractual and legal obligations to protect this information from misuse. Legal requirements to protect consumer information stem from the following Federal and State Laws:
- Fair Credit Reporting Act
- Fair and Accurate Credit Transaction Act
- Gramm-Leach- Bliley Act ("safeguards rule")
- CMR 17:00 Standards for the Protection of Personal Information of Residents of the Commonwealth of Massachusetts
As a Client of Strategic Information Resources, there are also contractual obligations to be followed with respect to data security. SIR requires each client follow SIR's Access Security Requirements and adopt these requirements into the function of your operation.
Click to view: Data Access Security Requirements (PDF)
If security is compromised and confidential consumer information is retrieved with unauthorized access:
SIR is required to immediately suspend company access to credit information.
SIR is required to immediately report the breach of security to the national credit repositories.
Before access to credit can be reinstated, a detailed investigation will be required to identify the source of security breach including but not limited to a technology security audit performed by a qualified auditor.
How Can I protect my Operation?
You have both legal and contractual obligations to ensure the safeguarding of confidential consumer information. At a minimum you should follow
these "Best Practices":
Ensure your operating system is current and up-to-date, and all critical updates have been applied.
Ensure you have anti-virus, anti-malware and anti-spyware installed and confirm they are updated regularly.
Train all staff to open ONLY email attachments if they are expected and received from KNOWN sources.
Other Important Steps in Keeping Data Secure
Limiting access to confidential consumer information to employees who have a business reason to see it.
Check personal references and conduct a background check before hiring employees who will have access to confidential consumer information.
Controlling access to such information by requiring employees to use "strong" passwords that must be changed frequently.
Use password activated screen savers to lock employee computers after a period of inactivity.
Lock rooms and file cabinets and desks where records are kept.
Implement policies for not sharing or posting passwords.
Immediate Steps to Take if a Breach Occurs:
Contact SIR Immediately.
Take Immediate Steps to secure the area including disconnecting computer terminals from internet access and or other "lock down" measures.
Preserve and review files or programs that will assist in investigation to breach circumstances.
SIR is pleased to offer a discounted Data Security Awareness Training Program prepared by Consumer Data Industry Association
Register through this link here to receive your discounted price. Once on the site, use promo code SIR to receive our discount
Strategic Information Resources is committed to keeping Confidential Consumer Information Secure, please contact us at:
1-800-332-9479, Ext 349 for additional information concerning our security requirements.