Identity Theft Prevention Program

July 5, 2009 By Gust Rosenfeld In Legal Alerts

Effective August 1, 2009, businesses and organizations with consumer or other accounts at risk for identity theft must develop and implement an Identity Theft Prevention Program. They also need to heed identity theft “red flags.”

Who Must Comply
Covered entities include banks, credit unions and other financial institutions, any business or organization that regularly defers payments for goods or services, or bills the customer later. Examples include governments, health care providers, finance companies, automobile dealers, utility companies, and telecommunications companies. Nonprofit entities may also be covered. Accepting a credit card as a form of payment does not alone make a business covered.

Accounts Requiring Protection
If your organization is covered, you must take steps to protect customers’ accounts. These accounts are used mostly for personal, family or household purposes and involve multiple payments or transactions (e.g., credit card accounts, loans, utility accounts, and bank accounts) or any other account where there is a “foreseeable risk of identity theft;” for example, small business or sole proprietorship accounts.

Identity Theft Red Flags
Covered entities must implement a written Identity Theft Prevention Program. The program must be structured to prevent, detect and mitigate identity theft.

Common red flags include alerts, notifications and warnings from credit reporting companies, suspicious documents, suspicious personal identifying information, suspicious account activity and notices from other sources, e.g., the customer, law enforcement authority, etc.

Responding To Red Flags
Once a red flag is spotted, the business must respond appropriately, including notifying the customer, changing passwords, closing the account, monitoring future activity, notifying law enforcement, and other actions. Other state and federal laws provide additional requirements.

Program Approval
The program must be approved by the company’s board of directors or appropriate board committee. If the business does not have a board, senior management must approve the program. The board must also oversee, develop, implement and administer the program, and staff must be trained.

Further information can be found at the FTC website: www.ftc.org/redflagsrule

For More Information
Tom Chauncey ~ 602-257-7479 ~ mailto:tchauncey@gustlaw.com

Categories

Tags

badge

Real Results, Valued Relationships,
and Earned Reputation.
The Story of Gust Rosenfeld

Phoenix Office

Phoenix Office

One East Washington Street, Suite 1600
Phoenix, AZ 85004

602-257-7422

Phoenix Office
Flagstaff Office

Flagstaff Office

125 East Elm Avenue, PO Box B
Flagstaff, AZ 86001

928-226-0000

Flagstaff Office
Tucson Office

Tucson Office

One South Church Avenue, Suite 1900
Tucson, AZ 85701

520-628-7070

Tucson Office
Wickenburg Office

Wickenburg Office

579 West Wickenburg Way, Suite 4
Wickenburg, AZ 85390

928-684-7833

Wickenburg Office
Phoenix Office
Flagstaff Office
Tucson Office
Wickenburg Office
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges
Gust Rosenfeld Badges