I promised that I would discuss in detail what the Red Flag Rule says concerning the responsibilities of creditors to their customers and or clients. Below is an article by the FTC that spells it out in a simple way.
Consumers/clients, it is important that you are aware of this rule and what responsibilities your creditors have in protecting your valuable information. It also tells you to what limits they can go to do so.
Businesses', it is extremely important that you understand what your responsibilities are towards your clients and customers. Not understanding your role in this will cost you.
Red Flags Rule Businesses do you have one in place?
As of the 31st of December 2010, the Federal Trade Commission is enforcing a regulation called the “Red Flags Rule.” Technically the rule has been in effect since Nov. 1, 2008. Now, with passage of the Clarification Act, it is now been enforced by federal regulators
What is the Red Flags Rule? It is a regulation that requires any company, firm or organization that functions as a creditor and maintains covered accounts to implement a written identity theft prevention program. This program must be designed to detect the warning signs or “red flags” of foreseeable identity theft they may encounter everyday business operations. If you are a financial institution or a creditor of any kind, it applies to you. If you are a company that bills customers for services you have provided, the regulation applies to you. If you have covered accounts for customers, it applies to you.
The FTC uses the word “creditor” very broadly and so let us discusses what falls under the word “creditors”. If your company, nonprofit permits deferred payments of debt you are a creditor. Examples include a phone retail store that accepts monthly payments or a youth sports programs that accept tuition payment installments or a mom and pop business that keeps account of a customer’s tab etc. “Creditors” also include business to business transactions concerning deferred payment of any debt.The key here is, as long as you defer payments, you are a creditor Penalty for non compliance of this regulation is a $2,500 per penalty.
This regulation was put in place to move beyond just data security policies companies, businesses, and government entities have, and increase the demands on them to slow the identity theft epidemic. The risk to address in the plan varies widely based on organizations and industries. But the FTC spells out the essential features of an effective compliance plan. Please go to the FTC resources to find out what they are, or better yet, contact a CFE who will help you put a plan together based on the requirements
Retrieved from www. FTC COMPLIANCE RESOURCES
