Complying with the FTC’s Red Flags Rule

​The Federal Trade Commission (FTC) has established a measure to combat identity theft. After several delays, enforcement of the “Red Flags Rule” began January 1, 2011. The Red Flags Rule does not apply to all employers, but for applicable industries, it directs how identity theft prevention programs must be developed, implemented, and administered.

There are two industries that must follow the rule. The first is financial institutions such as banks, savings and loans, credit unions, and other persons who, directly or indirectly, hold a transaction account belonging to a consumer. The second industry is “creditors,” a term that encompasses a spectrum of businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies, health care providers, and telecommunications companies are among the entities that may fall within this definition, depending on how and when they collect payment for their services.

Since the Red Flags Rule does not enter into the purview of the employer/employee relationship, MSEC recommends consulting the FTC website and clicking on Fighting Fraud with the Red Flags Rule: A How-To Guide for Business for complete information on complying with the Red Flags Rule.