Q+A CENTER

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act, endeavors to defend data held by financial institutions. Its Safeguards Rule mandates a security plan to maintain confidentiality and integrity of personal consumer information. And, the Privacy Rule extends that directive to non-bank companies which engage in “financial activities” and related services. The Act also assigns enforcement authority to Washington, D.C.—the Federal Trade Commission and the Federal Banking Regulatory Agencies, the National Credit Union Administration and the Securities and Exchange Commission.

Other regulations: The Sarbanes-Oxley Act, introduced in 2002, which includes identity provisioning. The Personal Information Protection and Electronic Documents Act of 2000 underpins a Canadian national standard for collecting, using and disclosing personal information. California has passed two bills to try to stem escalating identity thievery. Failure to comply may result in liabilities from class-action suits and irreversible corporate brand damage. Pennsylvania also has instituted a number of security protocols.

Clearly, privacy, the safekeeping of electronic data and computer/network security are high-ranking priorities, domestically and around-the-world.

The key to an enduring solution must subsume a technique which automatically can determine when an authenticated user no longer is present at his/her workstation. Then, it needs to terminate the active computer session if the operator fails or forgets to log-out manually: a capability commonly referred to as automated walk-away detection (AWD).

Unsurprisingly, a number of AWD methodologies have been and continue to be commercially available, depending on desired levels of protection. Following a user’s departure, they lock the computer, eliminating any latent vulnerability. For example, if no keyboard, mouse or touchpad activity is detected over a period (typically on the order of minutes), the system automatically shuts down. However, relying exclusively on inactivity still can leave abundant opportunity for fraudulent access.