Companies To Be Liable For Deals With Online Criminals
Dionysius, God of Wine and Leaf, sends us to DarkReading for a backgrounder on new rules from the FTC, taking effect in November, that will require any business that handles private consumer data to check its customers and suppliers against databases of known online criminals. Companies that fail to do so may be liable for large fines or jail time. In practice, most companies will contract with specialist services to perform these checks. Yet another list you don't want to get on. "The [FTC's] Red Flag program... requires enterprises to check their customers and suppliers against databases of known online criminals — much like what OFAC [the Treasury Department's Office of Foreign Asset Control] does with terrorists — and also carries potential fines and penalties for businesses that don't do their due diligence before making a major transaction."
Re:Onerous Burden on Businesses? (Score:1, Informative)
Running a business entails costs, and this is one of them. I see nothing wrong with this regulation.
EU Export (Score:4, Informative)
Re:Who does this apply to? (Score:3, Informative)
Re:I'm doing business with Mastercard (Score:3, Informative)
Scope isn't as broad as it looks (Score:3, Informative)
Re:Onerous Burden on Businesses? (Score:2, Informative)
That transaction log itself contains great data mining material for TLA:
This is simplified, but imagine the query sent to TLA by PoopyCorp was "SELECT * FROM BAD_GUYS WHERE NAME='Joe Bloggs'". Now, TLA knows that Joe Bloggs does business with PoopyCorp - possibly very valuable information if Joe Bloggs is a politician and PoopyCorp manufactures sex toys, or hell, if Joe Bloggs is a startup company founder and PoopyCorp supplies loans (uhoh, looks like BloggsCo is in financial difficulties, they're looking for a loan).
If the query was checking *any* more involved stuff, it could be an even more catastrophic leak of information to TLA.
If PoopyCorp instead just got a copy of the whole database from TLA each time (i.e. "SELECT * FROM BAD_GUYS"), and does the checking to see if Joe Bloggs is in that without involving TLA further, great, no information leak to TLA - except then PoopyCorp knows everyone on the list, an information leak in the other direction.
In short, the idea of mandating this sort of check is deeply evil, though optional checking is less problematic (Joe Bloggs can take his business elsewhere if PoopyCorp *wants* to check with TLA to protect its interests).
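The two lookup modes described in the comment above, modeled as an added example (not part of the original post) that records what each side learns. It goes beyond the comment by adding a third mode, a digest-prefix range query; the `ListOperator` class, its method names, the 2-hex-digit prefix and all names in the data are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample data; none of these names come from a real list.
BAD_GUYS = ["Mallory Example", "Trudy Sample", "Oscar Placeholder", "Eve Constructed"]
CUSTOMERS = ["Joe Bloggs", "Trudy Sample"]

def digest(name):
    """SHA-256 of the normalized name, hex encoded."""
    return hashlib.sha256(name.strip().lower().encode()).hexdigest()

class ListOperator:
    """The TLA side: holds BAD_GUYS and logs whatever each client sends."""
    def __init__(self, names):
        self.names = {n.lower() for n in names}
        self.digests = sorted(digest(n) for n in names)
        self.log = []

    def lookup(self, client, name):      # per-name query, as in the comment
        self.log.append((client, name))
        return name.lower() in self.names

    def dump(self, client):              # full copy, as in the comment
        self.log.append((client, "*"))
        return set(self.names)

    def bucket(self, client, prefix):    # hypothetical: digest-prefix range query
        self.log.append((client, prefix))
        return [d for d in self.digests if d.startswith(prefix)]

def check_all(mode, prefix_len=2):
    """Screen CUSTOMERS; return (hits, operator's log, list data the client saw)."""
    tla, hits, seen = ListOperator(BAD_GUYS), [], set()
    for c in CUSTOMERS:
        if mode == "lookup":
            hit = tla.lookup("PoopyCorp", c)
        elif mode == "dump":
            names = tla.dump("PoopyCorp")
            seen |= names
            hit = c.lower() in names
        else:  # "bucket": only the first prefix_len hex digits leave the client
            d = digest(c)
            entries = tla.bucket("PoopyCorp", d[:prefix_len])
            seen |= set(entries)
            hit = d in entries
        if hit:
            hits.append(c)
    return hits, tla.log, seen

if __name__ == "__main__":
    for mode in ("lookup", "dump", "bucket"):
        print(mode, check_all(mode))
```

The prefix mode narrows the leak in both directions but does not remove it: the operator can still place a customer among the names that hash into that bucket, and the client can test guessed names against the digests it receives.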