Our Consumer Protection Program was put in place to hold us and all applicable vendors accountable. It helps ensure the protection of our customers’ private and financial information.
We have put the following systems, processes, and people in place to make us a vendor of choice.
Card Data Security
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure a secure environment is maintained by all companies that process, store, or transmit credit card information. Our procedures, including increased encryption within our system, enhanced firewalls, numerous written policies, and new sign-in procedures for online account access, all meet PCI DSS requirements.
The Red Flags Rule (RFR) requires that certain businesses and organizations develop, document, and implement extensive procedures to protect consumers from identity theft. Any creditor or financial institution allowing covered accounts must implement a program to address the federally-mandated Red Flags Rule. TASC is considered a creditor and must comply.
Our Red Flag procedures facilitate
Fraud, Fees and Funds
The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) Type II audit, established by the American Institute of Certified Public Accountants (AICPA), is not required for privately held companies. Nonetheless, TASC successfully completes this audit on a biannual basis. A private accounting and auditing firm performs the process control examination, an in-depth, six-month procedural audit of our controls over information technology, privacy, security, and related transactional processes.
In addition, we have an internal auditor on staff who oversees all TASC internal controls related to human resources, administrative processes, and technology.
Health Insurance Portability & Accountability Act
The Privacy Rule of the Health Insurance Portability & Accountability Act (HIPAA) provides privacy guidelines for individuals and organizations such as physicians, nursing homes, health insurance companies, and Medicare. The guidelines cover how these entities may use and disclose Protected Health Information (PHI) or data that can directly or indirectly reveal a patient’s identity. We are responsible for protecting participants’ PHI.
The HIPAA Security Rule expands on the Privacy Rule and specifically addresses measures to safeguard PHI in electronic format and protect it from distribution to unauthorized recipients. Besides using encryption software to protect emails, we include an email disclaimer with all electronic messages.
The Gramm-Leach-Bliley (GLB) Act, also known as the Financial Modernization Act of 1999, is a federal law enacted to control the ways in which financial institutions deal with an individual’s private information. The Act consists of three sections. (1) The Financial Privacy Rule regulates the collection and disclosure of private financial information. (2) The Safeguards Rule stipulates that financial institutions must implement security programs to protect private financial information. (3) Pretexting provisions prohibit the practice of pretexting (accessing private information under false pretenses). The Act also requires that financial institutions provide customers written privacy notices which explain their information-sharing practices. Because we hold participant funds and maintain financially related information (such as bank account and routing numbers for clients and participants), we must comply with this Act.
Across the nation, some states have enacted their own laws regarding the security of their residents’ private identifiable information, further protecting them from identity theft. TASC also complies with these individual state regulations, as pertinent.
Our Confidentially Speaking program guarantees TASC employees, customers, vendors, and the public a way to safely and anonymously communicate with management regarding sensitive information through an anonymous reporting hotline. It is administered by an outside source to ensure confidentiality.
Individuals are encouraged to promptly report serious problems or concerns such as the occurrence of unacceptable activity and unethical behavior within our organization. Specific topics include auditing concerns, conflict of interest, falsification of information, theft, fraud, and more. Issues are investigated and escalated as necessary and appropriate. Comments and feedback are taken seriously and may directly affect the success and culture of our organization.
At TASC, we know how vital it is that we ensure adequate controls and safeguards are in place, just as they should be for each and every service organization that hosts or processes data belonging to its customers. We believe our Consumer Protection Program demonstrates our commitment to excellence.