Starting on Dec. 31, 2010, the enforcement of the Federal Trade Commission's "red flags rule" is in effect. The FTC "red flags" rule mandates that specific businesses or organizations that are considered "creditors" must have a written identity theft program in place that is designed to detect "red flags" or possible warning signs of identity theft that may occur in the course of business, reports NHBR.com.
According to the FTC, the red flags rule dictates that there must be four elements in a business' program:
- Reasonable policies and procedures to identify the "red flags" of identity theft in daily operation of the business.
- The program should be designed to detect the red flags that have been identified.
- The program must outline the actions a business will take once it detects these red flags.
- The program must be re-evaluated periodically in order to address new risks of identity theft.
Fewer businesses will be affected by the new FTC rule, IFAwebnews reports. This is because the definition of what businesses fall under the term "creditor" has been narrowed. When the red flags rule was first introduced in 2007, any business that billed customers in arrears for services provided was considered a "creditor."
While the amount of businesses affected by this rule has been narrowed, it still helps for general counsels to be aware of which businesses are still affected. Park Avenue Presentations is holding a webinar on January 19, 2011 about everything you need to know about the FTC's red flags rule. For more general information, please visit our Related Resources links.
- Filings Support ABA Effort in Red Flags Rule Case (FindLaw's Strategist Blog)
- FTC "Red Flags" Rule Live on Nov 1st: Is Your Small Biz Covered? (FindLaw's Free Enterprise Blog)
- ABA Raises Red Flag Over New Rules on Identity Theft (FindLaw's Strategist Blog)