The Red Flag Identity Protection Requirements will fly May 1st
In 2003, Congress passed the Fair and Accurate Credit Transactions (FACT). Pursuant to the Act, the FTC issued regulations known as the "Red Flag" rules to govern the banks, credit unions, or others that holds "consumer transaction accounts." It also covers creditors (which includes telecommunication companies as well as mortgage brokers, car dealers and many others). After many delays, these rules officially come into effect May 1, 2009.
The point of these rules is to combat identity theft. Any covered creditors must establish a written identity theft prevention program to prevent identity theft in their practices. According to the FTC, the rules fall into five categories:
The FTC website "Fighting Fraud with the Red Flag Rules," though not the catchiest title, provides considerable help and guidance. I anticipate that given the FTC's role, these rules will quickly become best practices for all institutions holding identity data and that from there, the failure to meet those best practice could become an unfair trade practice if the situation were sufficiently egregious. In other words, the Red Flag Rules have the potential to be the national identity protection statute that has been missing for so long.
Even if it does not evolve directly into such a statute, state and even municipal lawmakers may look to these rules for guidance on additional legislation. This helps explain why companies were trying so hard to slow their adoption. But the time has finally come. Now we will see whether these regulations have any practical impact on the growing pandemic of identity theft.
The point of these rules is to combat identity theft. Any covered creditors must establish a written identity theft prevention program to prevent identity theft in their practices. According to the FTC, the rules fall into five categories:
- alerts, notifications, or warnings from a consumer reporting agency;
- suspicious documents;
- suspicious personally identifying information, such as a suspicious address;
- unusual use of – or suspicious activity relating to – a covered account; and
- notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.
The FTC website "Fighting Fraud with the Red Flag Rules," though not the catchiest title, provides considerable help and guidance. I anticipate that given the FTC's role, these rules will quickly become best practices for all institutions holding identity data and that from there, the failure to meet those best practice could become an unfair trade practice if the situation were sufficiently egregious. In other words, the Red Flag Rules have the potential to be the national identity protection statute that has been missing for so long.Even if it does not evolve directly into such a statute, state and even municipal lawmakers may look to these rules for guidance on additional legislation. This helps explain why companies were trying so hard to slow their adoption. But the time has finally come. Now we will see whether these regulations have any practical impact on the growing pandemic of identity theft.
