The Federal Trade Commission (FTC) hasstated that it will begin enforcement of the Red Flags” Rule, a federal law requiring creditors and financial institutions to develop written plans to prevent and detect identity theft. Members of the Investment Recovery Association that would likely be covered by this ruling would be utility companies, health care providers, telecommunications firms; essentially any organization that regularly
extends credit to other businesses.
The Red Flags Rule was promulgated by the FTC and other federal agencies charged with overseeing compliance to the Financial Service Modernization Act and other federal legislation. It states that organizations considered to be creditors must:

1. Identify where the personal information of their clients is at risk of unauthorized access;
2. Develop written procedures to mitigate that risk;
3. Detect unauthorized access if or when it happens.

Companies effected by the Red Flags Rule need to have a written identity theft prevention program that includes clear identification of each area of vulnerability— including the retirement of end-of-life electronics assets containing potentially sensitive information. The FTC has delayed enforcement of the Red Flags rule until November 1, 2009 and has provided guidance in a series of frequently asked questions (FAQs) posted to its website:
Reprinted from ASSET 2.0, the Investment Recovery Business Journal, Vol. 5, 2009

© The Investment Recovery Association



Click Here to Download Full Issues of Asset 2.0