FTC Red Flag Rules

As businesses increasingly rely on technology to store and maintain data, including customer records, the risk of identity theft also is increasing. The Federal Trade Commission ("FTC"), together with federal banking regulatory agencies and the National Credit Union Administration, has adopted new regulations intended to combat identity theft. Known as the Red Flag Rules, these new regulations require financial institutions and creditors to develop and implement a written identity theft prevention program to identify and combat identity theft in connection with new and existing customer accounts.

If you are an operator that provides service in advance of payment, then your company is a "creditor" because your company regularly extends, renews or continues credit or defers payment for goods or services. The Red Flag Rules apply to each "covered account," which is a customer account involving multiple payments or transactions for which there is a foreseeable risk of identity theft. By contrast, a single, non-continuing transaction, where no ongoing relationship exists, is not a covered account. The Red Flag Rules may also apply to some of your business customers.

All companies subject to the Red Flag Rules are required to implement a written customer protection program by November 1, 2008. This program must be designed to detect a "red flag", which is a pattern, practice or specific activity that indicates the possible existence of identity theft. The FTC has identified five categories of Red Flags and provided a list of examples of the types of red flags that fall under each category. If you are providing interconnected voice or VoIP services, the Red Flag compliance program can be combined with your CPNI program required by the Federal Communications Commission's rules.

The customer protection program must include policies and procedures for: (i) detecting warning signs or "Red Flags" of identity theft, (ii) responding to any such Red Flags in a manner that will prevent or mitigate the identity theft, and (iii) updating the Program. The customer protection program must be managed by the Board of Directors or senior employees of the company if there is no Board of Directors. Also, the customer protection program must provide for staff training and oversight of your company's service providers.

Thanks to Attorney Stephen E. Coran of Rini Coran, PC for providing this info.


3 Comments

I have emailed the FTC and would like to know if you are aware of any changes to the rules since the extension of the deadline to May 01, 2009.

Great post. Thank you for sharing this information.

Ken


We are trying to formulate a protocol for the red flag identity theft. When verifying a patient, do we make a copy of their photo identification (i.e., driver's license) for their chart, or is it adequate to see the ID and make a notation that it was shown? Please advise.


Recent Comments

  • Dr. Denise Sanfilippo: We are trying to formulate a protocol for the red read more
  • anonymous: Extended again, this time to August 1, 2009: http://www.ftc.gov/opa/2009/04/redflagsrule.shtm read more
  • Ken Dulaney: I have emailed the FTC and would like to know read more
