Monday, April 18, 2011

California Regulations

There seems to be a lot of interest in doing a couple of conferences with small businesses on regulations.

While not finalized, we are thinking of doing one in Southern California and one in Northern California.

The goal is to put together a White Paper on this subject and present it to the Governor and Legislature.

I am going to add a section to our website listing burdensome regulations for small business. I would appreciate you sending to me what is burdensome for your business.

Please see below what is very difficult, if not impossible, for me in my business.

Scott Hauge
Small Business California
2311 Taraval Street
San Francisco, CA 94116

The DMV is now auditing agents and brokers for this information. It is a summary of a 53-page handbook and lists the requirements of agents and brokers because we obtain driver's license information.

• What privacy policies has the organization established with respect to the collection, use, and retention of DMV information?

• Do you have a written information security program or policy? If yes, please provide a copy of the policy.

• Identify the locations, systems, and methods for storing, processing, transmitting, and disposing of DMV information.

• Please describe your procedures in the event of a security breach.

• How are employees with access to DMV information trained in privacy protection?

• Do you maintain an Information Security Statement (DMV Form INF 1128) for each employee authorized to access DMV records? (If yes, please provide us with copies of these statements.)

• Do you have a list of inactive or terminated employees that had access? (If applicable, please provide us with a copy of this listing.)

• How many computer terminals are capable of making inquiries? Where are they located? Are the terminals secured when unattended? Explain how they are secured.

• Your terminals that access DMV records should display a “warning banner” containing some variation of the following admonishment: “WARNING: Unauthorized access or misuse of data may result in adverse action and/or criminal prosecution.” Does this banner display?

• Do you keep a log of all inquiries made? If yes, provide log.

• Describe access controls on computer systems containing DMV information to prevent access by unauthorized staff or other individuals.

• How often are passwords required to be changed? How are password changes initiated?

The questionnaire further requires the agency to provide a copy of the agency’s Requesters Information Security Program or Policy, Information Security Statements for the past two years, a list of inactive or terminated employees, a list of current authorized users, a list of current user terminals, and an inquiry log for inquiries processed in April 2008.
