Social Security Numbers archives - Regulatory Compliance, Governance and Security


Aug 29 2009   1:53PM GMT

Protecting the Privacy of Social Security Numbers Act | S. 141



Posted by: Charles Denyer

Congress yet again is combating the fraud issues associated with private consumer information. The “Protecting the Privacy of Social Security Numbers Act” (S. 141) is another good example of this.

Essentially, this bill encompasses the following measures:

It prohibits any person from displaying, selling, or purchasing an individual’s Social Security number without the affirmative, express consent of the individual, subject to a number of exceptions (e.g., for national security, law enforcement, or public health purposes, or if the display is required, authorized, or excepted under any Federal law). This bill would also prohibit any federal, state, or local government from displaying Social Security numbers on public records posted on the Internet or from printing them on government checks.

What is interesting to note is a clause at the beginning of the bill where the Senate actually “acknowledges” the seriousness of these issues by stating the following:

“The inappropriate display, sale, or purchase of Social Security numbers has contributed to a growing range of illegal activities, including fraud, identity theft, and, in some cases, stalking and other violent crimes.”

Again, this is yet another example of how security and privacy will continue to be a formidable topic in Washington, D.C., and rightfully so.

Visit the official SAS 70 Resource Guide and the official PCI DSS Resource Guide to learn about two of the most prominent and well-known compliance issues affecting businesses today.

Jul 28 2009   3:45PM GMT

SAS 70 for Payroll Companies | Tips on SAS 70 Type II Compliance



Posted by: Charles Denyer

SAS 70 for payroll companies is fast becoming a requirement in this industry. And why? Because payroll companies conduct critical and material outsourcing functions for many organizations in today’s business arena. What’s more, they have a responsibility to protect vital consumer information, such as social security numbers, dates of birth, and federal EIN tax numbers, to name a few.

Add to that the high degree of risk in this industry, and it’s quite easy to see why payroll companies are being asked to become SAS 70 Type II compliant.

The scope of a SAS 70 audit for a payroll company will include a host of general controls along with specific business process operational controls that examine and test the payroll life cycle from start to finish, that is, from how consumer information is obtained to the final issuance of hard checks or electronic direct deposit.

To learn more about SAS 70 audits, visit the official SAS 70 Resource Guide, where a wealth of information can be obtained on both Type I and Type II audits.