The Red Flags rule, designed to tighten data security and fight ID theft, come into force on May 1. The FTC has launched a web site designed to help businesses determine if they need to comply, and how to do so.
According to the agency’s “How-to” guide (click here for a pdf version), the Red Flags rule mandates:
- The establishment of a program that includes reasonable policies and procedures
to identify the “red flags” of identity theft you a business may run across during its day-to-day operations.
- the Program implemented must be designed to detect the specific red flags that have been identified.
- the prorgram implemented spell out appropriate actions that will be taken red flags are detected.
- a process to re-evaluate current policies and programs
- implementation of policies into business practices.
Those institutions who must comply with the new rule include:
- Financial Institutions; and
- Creditors (entities who regularly grant or arrange loans or extend credit to consumers or businesses, or make “credit decisions.”)
The rules were initially slated to become effective on November 1, 2008, but the FTC granted businesses a six-month delay. That reprieve is now ending, however.