NEW RULES FOCUS ON IDENTITY THEFT REDFLAGS AND PREVENTION
Under a new federal law, businesses which bill their customers or clients after products or services have been provided are expected to implement a written program guarding against the theft of their employees’, customers’, or clients’ personal information.
The Federal Trade Commission will start enforcing its newly-adopted “red flag rules” on November 1, 2009. These new rules stem from the Fair and Accurate Credit Transaction Act of 2003 (FACTA). Identity theft typically involves the assumption of another person’s entire identity or a combination of parts of identities from various victims. Because more than one-half of identity thefts originate in the workplace, businesses will now be required to implement safeguards.
Professional services firms, such as accountants, doctors, dentists and lawyers who defer payment of a client’s bill following performances of services, will be among those businesses affected by the new FTC requirements. Other businesses subject to the rules include finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; and non-profit and government entities that defer payment for goods or services.
Expected Impact Under the new rules, affected businesses must implement written policies specifying how they will detect the warning signs -- the “red flags” -- that indicate an identity theft may be occurring. Businesses must also show how they will respond to prevent or mitigate identity theft crimes if uncovered.
These written policies are supposed to be tailored to the amount of risk. However, the FTC acknowledges there is no bright-line rule to distinguish between high and low risk. The rules suggest that affected businesses consider such factors as how easily their accounts are opened or accessed and previous experiences with identity theft.
Recommended Response Policies should be in proportion to the risk posed. Affected businesses are advised to consider any “aggravating factors” that may exacerbate the threat. For example “What if we had a security breach?” Examples of appropriate responses could be alerting law enforcement, monitoring customer or client accounts for evidence of identity theft, changing passwords or other security devices controlling account access, reopening accounts with new account numbers, or closing accounts. Under certain circumstances, the rule states that a business may determine no response is necessary.
These written policies should be updated periodically to account for changes in risks to customers’ or clients’ information or innovations in detection of identity theft. A new merger, acquisition, joint venture, service provider arrangement, or other contractual relationship in the future may also prompt the need for an updated written policy.
The rule also requires appointing senior management personnel to implement the program; appropriately educating employees; and overseeing any service provider arrangements. Liability follows a business’ data, so due diligence is necessary to confirm vendor compliance before outsourcing payroll or hiring an office cleaning company.
For more detailed information on how “Red Flag Rules” may affect your business or for help in developing a policy, please call Attorney Bob Duimstra (robert-duimstra @mennlaw.com). All of our attorneys may be reached by phone at 920-731-6631 to discuss any legal services you may require.
In Next Month's Issue:
TIME IS OF THE ESSENCE - WHEN TO START YOUR LAWSUIT
Clients who have an interest in beginning a lawsuit must be sure to meet with their attorney early enough to ensure that the suit can be filed within the appropriate time frame. The time limit for starting a lawsuit is set by law according to the type of matter and is not the same in every case.
Upcoming Community Events:
CommunityFoundation - Annual Celebration of Giving Oct. 15th
Appleton Boychoir - American Boychoir Performance Oct. 27
Boys and Girls Clubof the Fox Valley - Leaders and Legends: A Tuesday Night Tailgate Nov. 3
you need a will, we have a way!
planning is the best way to ensure your assets and your future follow a path you
set. At Menn Law, we
offer the full range of services in this area—everything from determining power of
attorney for health care to setting up a living trust or drawing up simple or