Federal Trade Commission Red Flag Rule -- Law change as of December 2010
As stated by the Federal Trade Commission and as indicated in the above link, verbatim:
The following is a direct statement from the federal trade commission website,http://www.ftc.gov/bcp/educ/micro sites/red flag rule/index.shtml
" Are you complying with the Red Flags Rule?"
The Red Flags Rule (in the majority of cases The Red Flags Rule applies to nonprofit health centers and other nonprofits that have a client billing system)
"Requires many businesses and organizations to implement a written identity theft Prevention Program designed to detect the warning signs — or "red flags" — of identity theft in their day-to-day operations. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise -- and take steps to prevent a red flag from escalating into a costly episode of identity theft. Resources on this site can help business people educate their staff and colleagues about complying with the Red Flags Rule."
"What Compliance Looks Like?"
"Your Identity Theft Prevention Program is a "play book"that must include reasonable policies and procedures for detecting, preventing,and mitigating identity theft. "
"Your Program should enable your organization to:
1. identify relevant patterns, practices, and specific forms of activity — the "red flags" — that signal possible identity theft;
2. incorporate business practices to detect red flags;
3. detail your appropriate response to any red flags you detect to prevent and mitigate identity theft; and
4. be updated periodically to reflect changes in risks from identity theft. "
"The Red Flags Rule also includes guidelines to help financial institutions and creditors develop and implement a Program, including a supplement that offers examples of red flags. The FTC and the federal financial agencies have issued and answers to help businesses comply with the Rule."
"Who Must Comply with theRed Flags Rule?"
"The Rule requires "financial institutions" and"creditors" that hold consumer accounts designed to permit multiple payments or transactions -- or any other account for which there is a reasonably foreseeable risk of identity theft -- to develop and implement an identity Theft Prevention Program for new and existing accounts. "
"The definition of "financial institution" includes:
"A change in the law on December 18, 2010 amended the the definition of "creditor," and limits the circumstances under which creditors are covered. The new law covers creditors who regularly, and in the ordinary course of business, meet one of three general criteria. They must: