FTC tips for the red flag rules

+++

Are you complying with the Red Flags Rule?

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs — or “red flags” — of identity theft in their day-to-day operations. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise — and take steps to prevent a red flag from escalating into a costly episode of identity theft.

Resources on this site can help business people educate their staff and colleagues about complying with the Red Flags Rule.

What Compliance Looks Like

Your Identity Theft Prevention Program is a “playbook” that must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. Your Program should enable your organization to:

  1. identify relevant patterns, practices, and specific forms of activity — the “red flags” — that signal possible identity theft;
  2. incorporate business practices to detect red flags;
  3. detail your appropriate response to any red flags you detect to prevent and mitigate identity theft; and
  4. be updated periodically to reflect changes in risks from identity theft.

The Red Flags Rule also includes guidelines to help financial institutions and creditors develop and implement a Program, including a supplement that offers examples of red flags.

The FTC and the federal financial agencies have issued Frequently Asked Questions and answers to help businesses comply with the Rule.

Who Must Comply with the Red Flags Rule?

The Rule requires “financial institutions” and “creditors” that hold consumer accounts designed to permit multiple payments or transactions — or any other account for which there is a reasonably foreseeable risk of identity theft — to develop and implement an Identity Theft Prevention Program for new and existing accounts. The definition of “financial institution” includes:

  • all banks, savings associations, and credit unions, regardless of whether they hold a transaction account belonging to a consumer; and
  • anyone else who directly or indirectly holds a transaction account belonging to a consumer.

A change in the law on December 18, 2010 amended the the definition of “creditor,” and limits the circumstances under which creditors are covered. The new law covers creditors who regularly, and in the ordinary course of business, meet one of three general criteria. They must:

  • obtain or use consumer reports in connection with a credit transaction;
  • furnish information to consumer reporting agencies in connection with a credit transaction; or
  • advance funds to — or on behalf of — someone, except for funds for expenses incidental to a service provided by the creditor to that person.

Bookmark this site and check it often for revisions that reflect changes in the law.

 


 

 

Related Topics

Protecting Personal Information: A Guide for Business

Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft.

Avoid ID Theft: Deter, Detect, Defend

A one-stop national resource to learn about the crime of identity theft. It provides detailed information to help you deter, detect, and defend against identity theft.

OnGuard Online

Provides practical tips from the federal government and the technology industry to help computer users be on guard against Internet fraud, secure their computers, and protect their personal information.

Privacy Initiatives

Educates consumers and businesses about the importance of personal information privacy, including the security of personal information.

car dealers…..is your red flag ITPP current ??

+++++

ITPP = identity theft protection program

required of all car dealers offering credit as of jan 1, 2011

+++++

SACRAMENTO – Attorney General Kamala D. Harris today announced the creation of the Privacy Enforcement and Protection Unit in the Department of Justice which will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws.

“In the 21st Century, we share and store our most sensitive personal information on phones, computers and even the cloud. It is imperative that consumers are empowered to understand how these innovations use personal information so that we can all make informed choices about what information we want to share,” said Attorney General Harris. “The Privacy Unit will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to invade the privacy of others.”

The California Constitution guarantees all people the inalienable right to privacy. The Privacy Unit will protect this constitutionally-guaranteed right by prosecuting violations of California and federal privacy laws. The Privacy Unit centralizes existing Justice Department efforts to protect privacy, including enforcing privacy laws, educating consumers and forging partnerships with industry and innovators.

The Privacy Unit’s mission to enforce and protect privacy is broad. It will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. By combining the various privacy functions of the Department of Justice into a single enforcement and education unit with privacy expertise, California will be better equipped to enforce state privacy laws and protect citizens’ privacy rights.

The Privacy Unit will reside in the eCrime Unit and will be staffed by Department of Justice employees, including six prosecutors who will concentrate on privacy enforcement. Joanne McNabb, formerly of the California Office of Privacy Protection, will serve as the Director of Privacy Education and Policy, and will oversee the Privacy Unit’s education and outreach efforts.

Protecting the privacy of Californians is one of Attorney General Harris’s top priorities. The creation of the Privacy Enforcement and Protection Unit follows the forging of an industry agreement among the nation’s leading mobile and social application platforms to improve privacy protections for consumers around the globe who use apps on their smartphones, tablets, and other electronic devices. The platform companies who signed on to that agreement — Amazon.com Inc., Apple Inc., Facebook, Google Inc., Hewlett-Packard Company, Microsoft Corporation and Research in Motion Limited — agreed to privacy principles designed to bring the industry in line with California law requiring apps that collect personal information to post a privacy policy and to promote transparency in the privacy practices of apps.

Attorney General Harris established the eCrime Unit in 2011 to prosecute identity theft, data intrusions, and crimes involving the use of technology. The eCrime Unit provides investigative and prosecutorial support to the five California regional high-tech task forces funded through the High Technology Theft Apprehension and Prosecution Trust Fund Program and provides coordination for out-of-state technology-crime investigation requests. The eCrime Unit also develops and provides training for law enforcement officers, prosecutors, the judiciary and the public on cyber safety and the importance of strong information-security practices.

The February 2012 press release announcing the apps agreement can be found here:http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-secures-global-agreement-strengthen-privacy

The June 2012 press release announcing that Facebook joined the apps agreement can be found here: http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-announces-expansion-california%E2%80%99s-consumer

The December 2011 press release announcing the creation of the eCrime Unit can be found here: http://oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-announces-creation-ecrime-unit-targeting

# # #