New ID Theft Red Flags Rule Affects Small Biz?

Small business owners have federal new requirements to protect against identity theft in their businesses.

The Federal Trade Commission (FTC) estimates that over 9 million Americans are victims of identity theft annually. As a result, the FTC introduced what is known as the "red flags" rule that was slated to be enforced back in November 2009. The so-called red flags rule requires that certain creditors and organizations with covered accounts implement programs that would identify, detect and address warning signs of possible identity theft in the course of business.

According to the FTC, the red flags programs implemented by such businesses must:

• Identify relevant patterns, practices and specific forms of business activity that are "red flags" of possible identity theft.
• Detect those red flags.
• Respond appropriately to any red flags that are detected and help mitigate identity theft of consumers.
• Update the program periodically in order to ensure that the program is up to date.

This red flags rule initially covered any business or organization that had covered accounts. However, the red flags rule was recently modified on Dec. 31 2010. SC Magazine reports that the red flags rule has been modified so that lawyers, doctors, and accountants are exempt from having to comply with this rule.

Under the new law, only businesses and organizations that utilize consumer reports in conjunction with credit transactions, provide information to consumer reporting agencies, or loan money will be affected by the new red flags rule. This means that most small businesses that offer services may not have to comply with the red flags rule. 

Related Resources:

• FTC "Red Flags" Rule Live on Nov 1st: Is Your Small Biz Covered? (FindLaw's Free Enterprise Blog)
• ABA Raises Red Flag Over New Rules on Identity Theft (FindLaw's Strategist Blog)
• Filings Support ABA Effort in Red Flags Rule Case (FindLaw's Strategist Blog)