Blooston, Mordkofsky, Dickens, Duffy & Prendergast, LLP
CALL TO ACTION:
FTC REQUIRES MOST BUSINESSES TO ADOPT A RED FLAG ID THEFT PROGRAM
URGENT: PROMPT ACTION REQUIRED
The Federal Trade Commission (FTC) has established “Red Flag” Rules which are designed to prevent identity theft. Under the new rules, all businesses that maintain a creditor-debtor relationship with customers, including virtually all telecommunications carriers, must adopt written procedures designed to detect the relevant warning signs of identify theft, and implement an appropriate response. The Red Flag compliance program deadline is November 1, 2008 . The FTC has announced a six-month delay in the enforcement of the new rules, until May 1, 2009 . However, the stay in enforcement does not change the effective date of the rules, and it may be possible for some of the civil penalties/actions authorized under the Red Flag statute to be brought any time after Nov. 1. Therefore, it is still a good idea to adopt the procedures by the original deadline, or as close thereto as possible.
The FCC recently issued several hundred letters to telecom carriers inquiring about compliance with the CPNI rules, which is the FCC’s version of identity protection rules. The FTC may employ this same sort of audit approach. To avoid the possibility of fines or other sanctions, as well as liability exposure, we strongly recommend that all of our clients move quickly to determine whether the red flag requirements apply to any of their operations, and move expeditiously to implement a compliant program.
The requirements are not just binding on telcos and wireless carriers that are serving the public on a common carrier basis. They also apply to any “creditor” (which includes entities that allow payment after delivery of goods or services) that has “covered accounts” (accounts used mostly for personal, family or household purposes). This also may affect private user clients who use radios internally, as well as many telecom carriers’ non-regulated affiliates and subsidiaries. If you have any question about whether the Red Flag Rules apply to you, please contact the firm.
BloostonLaw has prepared a Red Flag Compliance Manual to help your company achieve compliance with the Red Flag Rules. The program must be managed by the Board of Directors or senior management employees of the company, and must provide appropriate training and oversight of the company’s staff. These measures are required in addition to those mandated by the FCC’s CPNI rules. The cost of the compliance manual is $400.00. Under the Red Flags Rules, you must develop a written program (i.e., manual) that identifies and detects the relevant warning signs – or “red flags” – of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Board of Directors or senior employees of the financial institution or creditor, include appropriate staff training, and provide for oversight of any service providers. The Red Flags Rules provide all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations. Guidelines issued by the FTC, the federal banking agencies, and the National Credit Union Administration (NCUA) should be helpful in assisting covered entities in designing their programs.
Please indicate below whether you would like to obtain the Red Flag Compliance Manual. Please return this form to us at your earliest convenience. Please call John Prendergast (202) 828-5540, Gerry Duffy (202) 828-5528 or Mary Sisak (202) 828-5554 with any questions you may have.
Any problems with this website should be referred to the webmaster.
Copyright © 2001-2009 Blooston, Mordkofsky, Dickens, Duffy & Prendergast. All rights reserved.