RE: PATRIOT Act IT Security guidelines

["Jason Coombs" <jasonc () science org>]

My bank recently informed me that my account would be charged $10.00 for
each immigration and naturalization service or other government-initiated
review of my account. Presumably this comes from the PATRIOT Act -- my bank
wants me to bear the cost of the additional monitoring when it specifically
targets me. I guess they've determined that the near-term impact on their
bottom line is potentially large so an incremental fee increase in other
areas or simple patriotism aren't adequate financing strategies for the
implementation of the PATRIOT Act.

There can be no doubt that certain demographic groups will be assessed such
fees far more frequently than others. The end result is probably racial
profiling paid for by the people who are the targets of investigation.

This is one of the most compelling reasons that private companies should
never be allowed to get involved in law enforcement -- even asking for their
help is a slippery slope and the government might be in the wrong on this
point. Legislators now have to come up with a PATRIOT Act Funding bill and a
PATRIOT Act Standards of Practice bill to regulate the way in which these
various private institutions demonstrate their patriotism, and the way they
finance it.

Sincerely,

Jason Coombs
jasonc () science org

-----Original Message-----
From: RD D [mailto:rdd37it () hotmail com]
Sent: Tuesday, November 12, 2002 8:15 AM
To: security-basics () securityfocus com
Subject: PATRIOT Act IT Security guidelines


Hello All --

I have been researching the PATRIOT Act as it relates to data protection.
Essentially, the Act requires financial institutions to gather information
regarding terrorists and suspected terrorists, and monitor accounts which
they maintain for any links to the suspects.

I am interested in finding any guidelines on how this sensitive information
must be protected, potential penalties for negligence, and any reporting
requirements for intrusions or other incidences.

I have not been able to find very detailed information beyond what was
originally stated in the Act, which specifies that the Secretary of the
Treasury shall, in the future, enact regulations to:
"further establish procedures for the protection of the shared information,
consistent with the capacity, size, and nature of the institution to which
the particular procedures apply."

I believe the deadline for these additional regulations to be enacted has
passed, but have not been able to locate anything.

Thank you very much for any assistance.

Bob






_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail