The New Red Flags Rule By: Tracie Schmidt The Federal Trade Commission recently created the Red Flags Rule, as enacted in an amendment to the Fair & Accurate Credit Transactions Act of 2003, in an effort to address and combat the “red flags” of identity theft. The new rules apply to financial institutions and creditors that maintain “covered accounts,” which are used mostly for personal, family or household purposes. These accounts involve multiple payments or transactions, such as credit card accounts, mortgage loans, and automobile loans, as well as accounts that have a foreseeable risk of being susceptible to identity theft, such as small business or sole proprietor accounts. The rule requires all creditors, defined as those who provide services for deferred payment and that regularly engage in the continuation of credit (including assignees of original credit), to create and maintain a written identity theft prevention policy or program that is designed to guard the personal information of their clients or customers and detect the warning signs of identity theft in their daily operations. These policies should address reasonably foreseeable risks of identity theft, give steps to be taken to prevent such theft, and establish a plan to mitigate any associated harm. The Rule requires that these policies are to be in place and in effect as of November 1, 2009. Noncompliance with this rule carries civil penalties of up to $2,500 for each violation, with state agency enforcement resulting in $1,000 for each willful violation. Although the Rule mandates that all creditors have a policy in place, it does not detail any specific procedures or provisions that must be included in such a policy. Because this rule will apply to a large number of businesses and professionals, the Federal Trade Commission has published a “fill-in” guide to help businesses and organizations that are likely to be considered low-risk businesses who still qualify as a “creditor” and therefore require having a policy in place. This guide is available at http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.shtm. For more information on implementing a Red Flags Policy for your company, visit F&R’s website at www.fandrlaw.com.
|
