Red Flag Rules: Federal Identity Theft Prevention Requirements

1
Red Flag RulesFederal Identity Theft Prevention
Requirements

• Federal Identity Theft
• Program Requirements

2
(No Transcript)
3
(No Transcript)
4
(No Transcript)
5
3 Rules From History

• 1. There is a Long History of ID Theft
• 2. Even the Rich and Powerful are
  Vulnerable and
• 3. Never Trust a Russians Identification!

6
...Or So He Says!
7
3 Most Common Sources of Identity Theft

• 1. Credit Card Companies
• 2. Cell Phone Companies and
• 3. Utilities.

8
Congress Responds By Passing The Fair and
Accurate Credit Transactions Act of 2003
9
RED FLAG RULES
10
Do You Have to Adopt a ID Theft Program under the
Red Flag Rules?

• The Red Flag Rules apply to creditors who hold
  covered accounts.

11
Creditor is defined as...

• ...any person who regularly extends, renews, or
  continues credit...

12
According to the FTC, if non-profit and
government entities defer payment for goods or
services, they are considered to be a creditor.
13
Covered Account is defined as...

• an account that a creditor offers or maintains
  primarily for personal, family or household
  purposes that involves or is designed to permit
  multiple payments of transactions and
• Any other account that poses a reasonably
  foreseeable risk to the creditor or its customers
  from identity theft.

14
The Red Flag Rules specifically include utility
accounts as covered accounts.
15
According to the FTC, if non-profit and
government entities defer payment for goods or
services, they are considered to be a creditor.
16
The Bottom Line

• A municipality is probably required to adopt an
  identity-theft-prevention program if it provides
  goods or services and sends out a bill.

17
4 Required Program Elements

• Identify what constitutes a Red Flag
• Detect a Red Flag when it occurs
• Respond appropriately to the Red Flag
• Ensure periodic updates of the Program

18
Flexibility in the Program

• Each Creditor Should Tailor their Program to
  Reflect their Size and Complexity as well as the
  Size of Their Operations.

19
Factors to Consider when Tailoring Your Program

• The Types of Covered Accounts that you Offer or
  Maintain
• Your Methods for Opening Covered Accounts
• Your Methods for Providing Access to Covered
  Accounts and
• Your Previous Experience with ID Theft.

20
Penalties For Failure to Comply with the Red Flag
Rules

• The FTC may go to court and seek civil penalties
  for knowing violations constituting a pattern or
  practice of violating the Act.
• Civil liability for willful and negligent failure
  to comply with FACT Act requirements.

21
Data Security

• Security Culture
• Lock it up
• Pitch it out
• Electronic Security
• Monitor outside providers

22
Data Security Audits

• What data is collected?
• How is it obtained?
• How is it stored?
• How is it processed?
• Who has access?
• How is it secured?

23
Questions?
24
RED FLAG RULES