Beers, Hamerman & Company, P.C.
 
FEDERAL TRADE COMMISSION ESTABLISHES NEW IDENTITY THEFT PREVENTION REQUIREMENTS FOR CERTAIN BUSINESSES AND OTHER ORGANIZATIONS – COMPLIANCE DATE IS JUNE 1, 2010

The Federal Trade Commission’s Red Flags Rule requires many businesses and organizations to implement a written identity theft prevention program by June 10, 2010. Your organization may be subject to this rule, and if you haven’t already taken steps to comply, your best course of action is to find out more about these rules right away by reading the Federal Trade Commission’s publication: Fighting Fraud with the Red Flags Rule: A How To Guide for Business. You can access this publication at www.ftc.gov/redflagsrule.

Broadly speaking, the Red Flags Rule applies to businesses and organizations that satisfy a two-part test:

  1. The entity is a creditor because it does not regularly demand payment in full for services or supplies at the time of service or delivery, and
  2. The entity maintains covered accounts designed to permit multiple customer payments. The clearest type of covered account is a consumer credit card, mortgage loan, auto loan, margin account, cell phone or other utility account. However, the Federal Trade Commission (FTC) has established a second type of covered account which it defines as “any other account that ... a creditor offers for which there is a reasonably foreseeable risk to customers ... or to the creditor from identity theft, including financial, operational, compliance, reputation or litigation risks.” This second type of account could easily include client or customer accounts of small businesses or other organizations.

If the entity meets these tests, then the Red Flags Rule applies and the entity would be required to implement reasonable policies and procedures to mitigate the identity theft risks or “red flags.” The FTC defines red flags as suspicious patterns or practices, or specific activities, that indicate the possibility of identity theft.

Key “Red Flags” requirements:

  • Designate a compliance officer
  • Develop a written identity theft prevention program
  • Perform a risk assessment to uncover identity theft “red flags” and follow up with periodic audits
  • Develop an employee training program for employees who handle sensitive information and train them to identify, detect and respond to “red flags”
  • Obtain approval by the board or senior management
  • Annual review of policies and procedures

The fines can be up to $3,500 per violation for companies that fail to comply with the “Red Flags Rule.”

If you would like to discuss the impact of these new rules on your organization, please feel free to call us at 203-787-6527 or contact us through our website at www.bhco.com.