(re) blog: dialogue with Redemtech

January

• In January it was reported that thousands of U.S. companies and non-domestic corporations that do business in the U.S. will adopt global financial reporting rules within five years if regulators have their way, experts said. The impact is likely to surpass that of the Sarbanes-Oxley Act (SarbOx), and businesses that ignore the International Financial Reporting Standards (IFRS) will fall behind.
• The Basel Committee on Banking Supervision proposed new measures to close gaps in banking supervision exposed by global economic crisis, including provisions requiring banks to hold more capital to guard against losses and to boost capital requirements for banks that don't thoroughly investigate the kinds of risks underlying certain complex instruments.
• While many large organizations maintain a detailed corporate information security policy, experts warned that ignorance of corporate policy or simple inability to implement and enforce it can leave businesses open to major security breaches. Studies indicated that most employees are unaware of corporate security directives or ignore them.
• Analysts said new Massachusetts Data Security Regulations that went into effect Jan. 1 are like no other in terms of their depth and scope, requiring companies that handle personal data of state residents to possess a comprehensive, written information security program with heightened procedures regarding how information is handled. The rules also extend to entities' service providers and the degree to which they too must show they comply with the Massachusetts rules of handling data on residents.
• A coalition of businesses including Verizon, Microsoft, Wal-Mart and Google called on Massachusetts Gov. Deval Patrick to again delay implementation of regulations to protect against ID theft, saying the pending rules are unworkable.
• A portion of the $818 billion stimulus bill that was passed by the U.S. House of Representatives called for computerizing all health records within five years, but the legislation also contained stringent privacy and security controls to protect online data. Experts said these measures would complement the Health Insurance Portability and Accountability Act (HIPAA) by bringing privacy and security regulations more in line with the digital age.

February

• A paradigm shift away from reactive data protection laws toward more proactive and uniform breach-prevention frameworks is becoming evident, a legal expert said in February. New data protection laws in Nevada and Massachusetts mandated prevention, shifting the focus from data-breach notification, though not eliminating that concern, to breach prevention by way of mandatory encryption.
• The Massachusetts data-privacy regulations underwent revisions, according to the Massachusetts Office of Consumer Affairs and Business Regulation, the agency in charge of issuing the rules. The law that sets requirements for security policies for storing and handling personal-information data in both paper and electronic form was reevaluated after businesses opposed the regulation.
• A new electronics take-back law went into effect regulating e-waste in Washington and was touted by product stewards for taking the financial burden from consumers and putting it back onto electronics manufacturers.
• Many small U.S. businesses faced looming compliance deadlines for Payment Card Industry Data Security Standard (PCI DSS) requirements, necessitating major changes to enhance security infrastructure, industry observers said.
• A report from the Institute of Medicine said a HIPAA Privacy Rule hinders important health research and the U.S. Congress should authorize the development of an entirely new approach to protecting personal health information in research.
• The Centers for Medicare and Medicaid Services, the unit within the U.S. Department of Health and Human Services (HHS) responsible for compliance with HIPAA, placed greater emphasis on proactive enforcement, according to security analysts.
• The PCI Security Standards Council offered a Prioritized Approach Tool of six "milestones" that businesses should use to pursue compliance. The milestones included: limit data retention; secure the perimeter; secure applications; control system access; protect stored cardholder data; and finalize remaining compliance efforts, ensuring all controls are in place.
• The U.S. Federal Trade Commission (FTC), the U.S. Securities and Exchange Commission (SEC) and the U.S. Department of the Treasury's Office of the Comptroller of the Currency began investigating Heartland Payment Systems following a massive data breach at the payment processing company.

March

• It was reported that California's landmark data-breach notification law may get an update after State Sen. Joe Simitian, co-author of the state's original 2003 legislation, proposed a new bill that would spell out what companies must tell customers in their data breach notifications and require that breaches affecting more than 500 people be reported to the state's attorney general.
• China passed legislation on e-waste management that mandates the establishment of centralized funding for enlargement and improvement of safe electronics recycling facilities in the country. The new law also placed responsibility on manufacturers, retailers, repair and customer service providers and recycling companies to collect and responsibly handle e-waste.
• Wisconsin State Sen. Mark Miller re-introduced an electronics take-back bill designed to ensure device will be recycled instead of being landfilled. Wisconsin Senate Bill 107 established a quota system by which manufacturers would set up a method to collect and recycle electronics sold in Wisconsin.
• Several proposals were under considered in the Oregon Legislature to shift the cost of recycling and disposal of electronics from local governments to manufacturers. Legislation was also proposed to correct a shortfall in the state's recycling programs.
• Ontario implemented a product stewardship program for electronics products, transferring the cost burden for the management of e-waste from municipalities to the companies that produce, sell or distribute the products in the Canadian province.
• A report from the Federal Deposit Insurance Corporation (FDIC) said examiners were finding issues with security awareness and vendor management in their examination of Identity Theft Red Flags Rule compliance at financial institutions. 
• It was reported that, effective May 1, physicians must comply with Red Flag Rules being imposed to curtail consumer identity theft. The rules originally were supposed to take effect on Nov. 1, 2008, but the FTC delayed them at the behest of medical organizations.
• Many small businesses in Massachusetts said they were grappling with how to meet data security standards established by the state Office of Consumer Affairs and Business Regulation more than a year earlier. The state had set May 1 as the deadline for companies to meet the requirements, but in response to a flood of concern from businesses that many would be unable to meet the stringent data security standards in time, the state pushed the deadline to Jan. 1, 2010.
• The Health Information Technology for Economic and Clinical Health (HITECH) Act that contained new and far-reaching provisions concerning the privacy and security of health information became law. The law represented a major expansion of HIPAA, particularly requirements that apply directly to business associates, vendors and service providers.
• Legal experts said HIPAA compliance implications of the HITECH Act may include more aggressive enforcement by state attorneys general.
• The International Accounting Standards Board (IASB) and U.S. Financial Accounting Standards Board (FASB) said they will work quickly to replace accounting standards for off-balance sheet and financial instruments accounting.

April

• The Canadian government re-introduced legislation designed to combat identity theft. The proposed legislation would create three new offenses, including obtaining and possessing identity information; trafficking in ID data; and holding or trafficking in government-issued identity documents.
• The May 1 deadline for when the U.S. FTC would enforce the Identity Theft Red Flags Rule again surfaced. According to Betsy Broder, Assistant Director at the FTC, many companies that didn't think of themselves as creditors were beginning to realize they are a covered entity under the rule.
• The "security bar" has to be raised on the PCI DSS, said U.S. Rep. Yvette Clarke, chairperson of a congressional subcommittee that conducted a hearing on PCI DSS in April.
• UK businesses and financial institutions pined for a new law designed to impose financial penalties over data losses to take effect. Under the law, the UK Information Commissioner should have been given the power to impose civil monetary penalties on businesses that fail to protect sensitive personal information by implementing reasonable measures, if such data is subsequently lost.
• The U.S. House of Representatives approved the Electronic Device Recycling Research and Development Act, legislation that would award multiyear grants aimed at practical solutions to reduce the growing mountains of e-waste that continue to accumulate from mismanagement of end-of-life electronic products.
• Analysts condoned the creation of a single federal data breach disclosure law in order to improve electronic data security and reduce costs.
• Rules proposed by the U.S. FTC regarding disclosure of breaches of personal health information would greatly expand the number of companies that would be subject to notifying individuals if their personal health data was exposed because records were lost or stolen, industry observers said.
• The U.S. FTC, operating under new authority given by the American Recovery and Reinvestment Act (ARRA), took another step toward closing a legal loophole in federal privacy and security rules for emerging Health 2.0 information technology applications by issuing proposed rules aimed at covering an estimated 900 companies and organizations offering personal health records and electronic systems connected to them. The FTC said the new rule on federal breach notification requirements for the developers of electronic PHR systems did not apply to covered organizations or their business associates as defined by HIPAA, but sought to cover previously unregulated entities.
• A key feature of a FASB and IASB proposal to dramatically overhaul financial statements is that managers would separate a company's actual business activities from its financing or funding activities. As a result, each of the three statements - balance sheet, income statement and cash-flow statement - will be divided into two major sections: business and financing.
• Following on the heels of the issuance of FASB staff alerts amending its controversial standard No. 157, Fair Value Measurements, the Public Company Accounting Oversight Board (PCAOB) issued an alert purporting to guide auditors through their own new fair-value responsibilities.

May

• The New York State Assembly passed an Electronic Waste Recycling Act designed to offset dumping of toxic e-waste into state landfills by requiring electronics manufacturers to collect and recycle at least 25% of their annual equipment sales annually, and increase that collection rate to 45% by 2018.
• The U.S. FTC again extended the deadline for compliance with the Red Flag Rules, which require financial institutions, creditors and other organizations to develop written programs to identify and respond to identity theft. The rules became effective Nov. 1, 2008, but the FTC had delayed the enforcement passed a May 1 deadline to Aug. 1.
• Two Oklahoma lawmakers introduced legislation to create a chief information officer position geared to reduce the risk that private information on state computers will fall into criminal hands. Specifically, the CIO would be placed in charge of security for data contained on all state equipment.
• The European Union said it planned to pursue a new law that would require most businesses, agencies and organizations in Europe to notify consumers when they lose sensitive customer data.
• New U.S. legislation to restrict e-waste exports may still allow export to occur, according to the Electronics TakeBack Coalition (ETBC). Responding to a call for support by the bill's sponsors, U.S. Reps. Gene Green and Mike Thompson, ETBC said the bill fails to recognize that exporters can easily claim a particular intent, and if discovered, argue that any mishandling was beyond their control.
• Indiana passed an electronics recycling law that required manufacturers to collect and recycle 60% by weight of the volume of products they sold in the state during the previous year.
• Massachusetts Department of Environmental Protection (DEP) officials told state lawmakers that proposed legislation requiring electronics manufacturers to pay for recycling programs was a "strong step in the right direction" during a public hearing.
• New York Gov. David Paterson reportedly was giving consideration to e-waste legislation by talking to various industry and environmental groups.
• U.S. Rep. Bobby Rush, chairman of the House Subcommittee on Commerce, Trade and Consumer Protection, pushed legislation to require companies holding electronic data containing personal information to adhere to security policies established by the U.S. FTC. The bill would require that companies notify affected individuals when their personal information is breached.
• It was reported that Texas had made great strides in building a coalition supporting data breach reform, but proponents say opposition from large retailers helped doom passage of legislation that would limit compromised credit card losses in the state.
• Leaders of the PCI Security Standards Council charged with developing and implementing security standards for cardholder data protection said regulatory changes were coming for the payment card industry.
• The U.S. Supreme Court agreed to rule on the constitutionality of SarbOx from pro-business conservatives who say the board established by the law to oversee the accounting industry violates the U.S. Constitution's mandated separation of powers. The opponents argued that the violation stems from the fact that members of the accounting board are not appointed and cannot be removed by the President, and Congress cannot control its budget.

June

• The Basel Action Network (BAN) claimed that companies that falsely represent themselves as recyclers take advantage of the fact that few rules exist for stopping the endless tide of consumer electronics coursing through the American waste stream that often ends unfortunately in developing countries in Africa and Asia.
• The U.S. Environmental Protection Agency (EPA) filed an administrative complaint and compliance order against EarthEcycle, an Oklahoma-based electronics recycler, saying the company violated at least seven hazardous waste management regulations.
• An e-waste bill that would make manufacturers responsible for recycling the products they sell passed the Wisconsin Senate. The Wisconsin law would require electronics manufacturers to collect and recycle 80% of the weight of sold devices beginning in September.
• A senior U.S. Justice Department official asked the U.S. Congress to enact legislation to require companies to report data breaches to law enforcement officials. Deputy Assistant Attorney General Jason Weinstein said in testimony to the House Committee on Oversight and Government Reform's Subcommittee on Information Policy, Census and Nation Archives that data breaches are significantly underreported, and as a result, law enforcement efforts to bring criminals to justice are hampered.
• A new state law aimed at strengthening consumer protections against identity theft would go into effect in Alaska on July 1, it was reported. The law requires information-gathering companies to notify consumers of a breach of personal information.
• FASB issued a new accounting pronouncement, FAS No. 165, Subsequent Events, to be applied to the accounting for, and disclosure of, subsequent events not addressed in other applicable Generally Accepted Accounting Principles (GAAP).

July

• Nevada's move to become the first state to sanction full PCI DSS compliance for businesses is seen by some observers as a potential "game-changer." Privacy and information security expert Larry Ponemon said he was concerned that government entities are now legislating detailed information security requirements for business.
• New Indiana laws that went into effect on July 1 included House Enrolled Act 1121 which creates a unit within the Indiana attorney general's office to investigate complaints, assist victims and prosecute crimes of identity theft; and House Enrolled Act 1589, which created a statewide recycling program for discarded electronic products.
• Beginning July 1, Minnesota’s e-waste law was modified to strengthen manufacturers' incentives for proper disposal of computer monitors and TVs.
• Physicians and others managing patient medical information were told to examine notification requirements spelled out in the HITECH Act regarding data breaches. HITECH imposes penalties for noncompliance and authorizes the U.S. Health and Human Services Department to investigate any complaint of suspected noncompliance.
• In was reported that the PCAOB could be altered or even abandoned after the U.S. Supreme Court agreed to consider a lawsuit challenging the constitutionality of SarbOx.
• Legislation aimed at funding research and development efforts to improve e-waste recycling and develop best practices for greener design of electronics was introduced to the U.S. Senate by Sens. Amy Klobuchar of Minnesota and Kirsten Gillibrand of New York. The U.S. Electronic Device Recycling Research and Development Act also would publish a report from the National Academy of Sciences outlining the current state of electronics recycling.
• An e-waste bill that would have required manufacturers to take back consumer electronics for disposal failed to garner the necessary support for passage in the New York State Senate and was withdrawn without a vote.
• Texas Gov. Rick Perry was criticized for vetoing legislation that would have added TVs to the list of covered electronics for the state's extended producer responsibility electronics program. The bill, which the Texas Legislature passed overwhelmingly with support from industry as well as environmental advocates, would have provided Texas consumers with free and convenient recycling for obsolete, toxic televisions, saved taxpayer dollars and created green-collar jobs for out-of-work Texans, according to supporters.
• The Massachusetts DEP issued 78 notices to businesses and other firms in the state for improperly disposing of recyclable materials such as computers and televisions.
• In a case brought by the UK Environment Agency, All Metal Recovery Ltd., a UK recycling company, was fined £22,000 after pleading guilty to attempting to illegally export hazardous waste cables to China in 2007.
• North Carolina Senate Bill 1017, an identity theft measure requiring businesses and state and local government agencies to report all security breaches to the state attorney general, was approved by the state Senate and House.
• Connecticut legislators passed an ID theft act that bars businesses from transmitting customer Social Security numbers via the Internet unless the connection is secure or printing customers' Social Security numbers on ID or access cards.
• A package of identity theft protection bills approved by the Michigan House Judiciary Committee sought to reduce risks of ID theft by establishing procedures for companies to properly destroy personal data.
• A San Francisco TV station's investigation of a loophole in California's e-waste recycling laws is prompting enforcement action in Arizona. After a news story was aired about California's strict recycling rules sending the state's e-waste across state borders, Arizona's Department of Environmental Quality said it found that storage of leaded glass from computer monitors and TVs violates state and federal environmental regulations.
• FASB proposed a new rule called Disclosures about the Credit Quality of Financing Receivables and the Allowance for Credit Losses, an ambitious plan designed to dramatically increase the volume and quality of the disclosures creditors will be asked to provide with respect to "financing receivables," industry observers said.
• U.S. Sen. Patrick Leahy of Vermont introduced the Personal Data Privacy and Security Act, calling for tougher federal identity theft laws and new measures to protect consumer financial data from ID theft and other misuse.
• The U.S. FTC again postponed the enforcement date for the Identity Theft Red Flags Rules, scheduled to begin Aug. 1, to Nov. 1 to enable businesses to gain a better understanding of the rule and its compliance obligations, officials said.
• A lawsuit jointly filed by the Consumer Electronics Association and the Information Technology Industry Council in U.S. District Court in Manhattan challenged numerous aspects of New York City's new electronics recycling law. The suit alleged that the pick-up requirement of the law would be overly burdensome to computer equipment manufacturers.
• PCAOB announced that it had approved a new rule prohibiting audit firms from allowing lower-level employees to conduct final reviews of clients' financials before releasing opinions.

August

• Massachusetts regulators said they had modified a set of identity theft regulations and postponed the date when the regulations will take effect to March 1, 2010. New language requires safeguards that are appropriate to the size, scope and type of business handling the information; the amount of resources available to the business; the amount of stored data; and the need for security and confidentiality of both consumer and employee information, officials said.
• The U.S. HHS issued new regulations requiring healthcare providers, health plans and other entities covered by HIPAA to notify individuals when their health information is breached.
• The U.S. FTC approved a rule that will require web-based businesses that deal with personal health information, even if they are not bound by HIPAA, to report data security breaches. The Health Breach Notification Rule was created and put in place because the U.S. Congress directed the FTC to issue the rule as part of ARRA.

September

• California legislators approved a bill intended to complement the state's trailblazing 2003 data breach disclosure law by requiring that breach notification letters contain specifics about the data-loss incident, including the type of personal information exposed, a description of the incident and advice on identity theft protection. The new legislation, SB-20, also would require that organizations that suffer a breach affecting 500 or more people to submit a letter to the state attorney general's office.
• The U.S. EPA gave ZKW Trading, a Monterey Park, Calif. Recycler accused of shipping cathode ray tubes to Hong Kong 45 days to come up with a plan to legally dispose of the e-waste or face a fine of up to $37,500 a day.
• Several organizations called for the U.S. Congress to ban all exports of hazardous e-waste to developing countries. The U.S. EPA only regulates the disposal of lead-filled CRTs, and advocates said more needs to be done to keep e-waste out of landfills.
• New Jersey passed a law to recycle electronics starting Jan. 1, 2011. Electronics manufacturers that don't recycle their products would be subject to fines.
• Michigan introduced legislation designed to help identity theft victims seek restitution for the time and effort needed to clean up damaged credit histories also would aim to reduce the risk of ID theft by establishing procedures for companies to properly destroy personal data.
• U.S. pressure to toughen how banks set aside capital suggests reform of Basel II rules on capital adequacy could be drawn out for years, financial experts said. U.S. banks have not yet fully implemented the rules and some officials see the economic crisis as a chance for radical reform, but resistance is likely from Europe.
• Changes in accounting standards, rules and policies for financial institutions must be coordinated globally in the effort to help avoid a recurrence of the economic crisis, U.S. federal regulators said.
• U.S. Sen. Charles Schumer of New York promoted federal legislation designed to tackle ID theft by requiring firms that experience a security breach involving personal data to notify consumers and law enforcement officials; mandating companies to enact stricter procedures to keep identities safe; and increasing penalties for stealing IDs.
• The U.S. House Energy and Commerce Committee considered legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach.
• New rules governing consumer notification when the security of patient health information is breached went into effect. A final rule from the U.S. FTC requires vendors of personal health records (PHR) and entities that offer third-party PHRs to notify consumers of data breaches. A separate rule for entities covered by HIPAA requires providers, payers, clearinghouses and other covered entities to notify affected individuals in instances of a data breach.
• Despite PCI DSS, companies still struggle with significant data security issues, a new Ponemon Institute survey found.
• Under proposed state regulations on a new Connecticut e-waste recycling program, manufacturers would pay state-approved haulers to collect and recycle the electronic products they make. The state legislature passed an e-waste law in 2007, and the Connecticut Department of Environmental Protection has worked during the previous two years to develop program rules to keep the toxic materials that electronics contain out of landfills.
• Wisconsin legislators passed a bill that would require electronics manufacturers to manage recycling of their products and make it unlawful to dump electronic devices that contain toxic materials in state landfills.
• Kentucky Department for Environmental Protection officials told Kentucky legislators that the state should impose a ban on landfilling end-of-lifecycle electronics.
• U.S. Sen. Amy Klobuchar said her proposed federal legislation geared toward improving electronics recycling would be the first step in bringing together manufacturers, retailers, recyclers and research institutes to help find solutions to the problem of e-waste.
• It was reported that a growing number of states are trying to reduce the rising tide of e-waste by requiring electronics manufacturers to take back and recycle their products. Nineteen states have passed laws requiring the recycling of end-of-lifecycle electronics.
• Manufacturers complained that sweeping new e-waste disposal legislation in Wisconsin is unfair because it puts a strong responsibility, backed with penalties, on them to recycle the devices they produce.

October

• The U.S. House Committee on Energy and Commerce voiced concern regarding a controversial provision included in an interim final rule published in September by the U.S. HHS in a bill requiring breach notification for unsecured health information. Under the provision, healthcare entities would have to publicly disclose data compromises only if they think the breach will cause financial harm or hurt the reputation of those whose data was compromised.
• According to the U.S. SEC, U.S. small businesses will no longer get a reprieve from complying with an auditing provision of SarbOx corporate reform law. The SEC will require small companies to report on the effectiveness of their internal controls as of June 15, 2010.
• A new North Carolina law that went into effect on Oct. 1 beefed up security breach reporting requirements, requires paid credit monitoring services to tell consumers how they can check their credit reports and protects crime victims from debts caused by criminals.
• A new Connecticut law which took effect Oct. 1 aimed to broaden the definition of identity theft and strengthen the penalties against the crime in the state.
• California Gov. Arnold Schwarzenegger vetoed a key data breach bill that would have required retailers to provide more details about a data security breach, including the type of personal information exposed, a description of the incident and exactly when it took place.
• The U.S. House of Representatives passed bipartisan legislation designed to exempt small firms from the U.S. FTC’s Red Flags Rule, which mandates businesses to develop and implement identity theft programs.
• Wisconsin Gov. Jim Doyle signed into law legislation designed to reduce the amount of e-waste dumped in state landfills by requiring manufacturers to arrange for recycling and disposal of consumer electronics.
• Government representatives from 18 states signed a letter organized by the Electronics Takeback Coalition accusing the electronics industry of trying to usurp state rights with a recent lawsuit against New York City's e-waste recycling law.

November

• The U.S. Senate Judiciary Committee approved both the Personal Data Privacy and Security Act and the Data Breach Notification Act, two bills that would require organizations with data breaches to report them to potential victims. The data breach notification act would require U.S. agencies and businesses that engage in interstate commerce to report data breaches to victims whose personal information "has been, or is reasonably believed to have been, accessed, or acquired." The data privacy act would also require organizations that maintain personal data to give notice to potential victims and law-enforcement authorities when they have a data breach.
• The U.S. HHS issued an interim final rule to strengthen enforcement and increase penalties for HIPAA violations. The HITECH Act modified the penalties that the HHS could impose for violations of the HIPAA rules.
• The U.S. FTC for the fourth time delayed enforcement of its Red Flags identity protection rules for financial institutions and creditors until June 1, 2010, at the request of the U.S. Congress.
• The U.S. House Financial Services Committee passed a bill that would exempt more than half of all publicly traded companies from the contentious internal-control provision of SarbOx that requires an auditor opinion.
• IASB and FASB reaffirmed a commitment to improve IFRS and U.S. GAAP and to bring about their convergence. The boards also agreed to intensify their efforts to complete the major joint projects described in a 2006 Memorandum of Understanding, as updated in 2008.
• The Canadian government passed tough new legislation to give police and courts added powers to fight identity theft.
• The U.S. Supreme Court questioned the constitutionality of PCAOB established by SarbOx. Several justices suggested that the PCAOB lacks the presidential oversight required under the U.S. Constitution for executive branch agencies. A ruling striking down the board would leave it to the U.S. Congress to re-establish a panel with tighter oversight, setting up a legislative fight that might impact other aspects of SarbOx.
• U.S. Rep. Mike Thompson of California introduced legislation to the U.S. Congress to require the federal government body to responsibly recycle its e-waste. Co-authored by U.S. Reps. Gene Green of Texas, and Mary Bono Mack and Brian Bilbray of California, House Resolution 938 aims to make sure that the outdated electronic equipment discarded by members of Congress and their staffs is recycled, and not landfilled or incinerated.

December

• Ziliang Zhu, doing business as W and E International Trading, and SM Metals, doing business as Better PC Recycle, were charged by the U.S. EPA with illegally exporting computer monitor waste to Hong Kong and fined $21,650.
• Legislation designed to reduce the use of hazardous materials in electronics and promote research programs to improve electronic equipment recycling was passed by the U.S. Senate Environment and Public Works Committee.
• U.S. Sen. Kirsten Gillibrand, co-sponsor of the Electronic Device Recycling Research and Development Act approved by the U.S. Senate Environment and Public Works Committee, said the law would serve as a national solution to ensure that all unwanted electronics are discarded in a safe and responsible manner.
• The U.S. House of Representatives approved the Data Accountability and Trust Act, legislation requiring data brokers to establish procedures to verify the accuracy of information that identifies individuals in their databases and requires them to provide nationwide notice in the event of certain security breaches. The bill also authorizes the U.S. FTC to establish a standard method for destroying obsolete non-electronic data.
• The U.S. House of Representatives rejected a measure that would have required small corporations with market capitalization of less than $75 million to get external reviews of their internal financial controls under SarbOx.