The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs — or “red flags” — of identity theft in their day-to-day operations. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise — and take steps to prevent a red flag from escalating into a costly episode of identity theft.
Why Do We Need The Red Flags Rule?
Identity theft is the fastest-growing crime in America, claiming over 9,000,000 victims in 2010. According to the FTC, it takes an average of 250 hours of your time to fix your identity after it has been stolen. Confidential information protection laws are designed to eliminate the major source of identity theft: documents getting into the wrong hands.
What Compliance Looks Like
Your Identity Theft Prevention Program is a “playbook” that must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. Your Program should enable your organization to:
Identify relevant patterns, practices, and specific forms of activity — the “red flags” — that signal possible identity theft;
Incorporate business practices to detect red flags;
Detail your appropriate response to any red flags you detect to prevent and mitigate identity theft; and
Be updated periodically to reflect changes in risks from identity theft.
Who Must Comply with the Red Flags Rule?
Most companies. The Rule requires “financial institutions” and “creditors” that hold consumer accounts designed to permit multiple payments or transactions to develop and implement an Identity Theft Prevention Program for new and existing accounts. The definition of “financial institution” includes:
All banks, savings associations, and credit unions, regardless of whether they hold a transaction account belonging to a consumer; and
Anyone who processes a credit card payment.
ShredQuick can help you write your privacy protection policy FREE as a service for clients. ShredQuick is an expert in privacy law compliance so you don’t have to be. ShredQuick attended the National Association for Information Destruction (NAID) privacy law workshop to learn how to help you navigate privacy laws.