The Federal Trade Commission (FTC) has adopted the “Red Flags” Rule requiring most financial institutions and other businesses which extend credit to establish and maintain an “Identity Theft Prevention Program” (16 C.F.R. Section 681.2, “Duties regarding the detecting, prevention, and mitigation of identify theft”.) The Identity Theft Prevention Program is meant to ensure that a business will respond to “Red Flags” which would make a reasonable person suspicious of the possibility of identity theft. The FTC’s rules require the Red Flags program to be approved by the provider company’s Board of Directors (or a Board committee), and to be overseen by a designated “senior management” employee, and to use staff training and vendor oversight as needed.
The FTC Red Flag Rules, already delayed to November 1, 2009, have at the request of Congress been deferred until June 1, 2010. (FTC October 30, 2009 Press Release.) The FTC has now created a dedicated Red Flags Rule website, a “How-To Guide for Business” on fighting fraud, and a “Getting Red Flags Ready” video. This is in addition to the prior unofficial FTC Staff summary, What Telecom Companies Need to Know.