The Identity Theft Red Flags Rule

Now that many businesses have to abide by the identity theft red flags rule, it's a bit easier to fix identity theft problems

Most of us would agree that an ounce of prevention is worth a pound of cure, which is where the new identity theft "red flags rule" comes into play. These days, many businesses are required to inform you immediately if ID theft occurs during the implementation of their commerce.

That way, you can start working immediately on your identity theft fix, rather than finding out months or years later that someone's stolen your life.

Um, "These Days"?

No legally-mandated red flags rule existed before November 2009, when the Federal Trade Commission started enforcing their new identity theft regulations.

Prior to that, most companies would immediately contact their clients if they knew or suspected that someone had tapped into their files and stolen information that could be used for identity theft. Some even took steps to help clients mitigate the effects of the potential ID theft.

But that was a corporate decision; it certainly wasn't required. It may surprise you to learn that before the implementation of the red flags rule, a company didn't have to inform you if someone might have stolen your personal information from them. Many did, but they didn't have to.

And What's This "Some" Businesses?

From the beginning, the new red flags rule applied only to businesses or organizations that handled accounts of one kind or another. So JC Penney would have to let you know if someone had tapped into their credit system and stolen your name and SSN, but your local bookstore or food market wouldn't.

Life became a bit easier for the identity thieves on December 31, 2010, when the FTC modified the red flags rule. Now only business and organizations that use consumer reports together with credit transactions, or who loan money, or provide information to credit reporting agencies, are required to comply.

Doctors, lawyers, and accountants are specifically exempt from compliance.

The Procedure

Here's how the FTC-mandated red flags program works:

First, the business must "Identify relevant patterns, practices, and specific forms of activity that are 'red flags' signaling possible identity theft." Second, they have to be able to detect those red flags when they occur.

The next step is to respond immediately, notify the affected customers, and help those customers mitigate the effects of the identity theft. Finally, the business is required to update their program regularly in order to detect new ID theft methods and trends.

It remains to be seen how well the new program will work, and whether further challenges will whittle down its utility. That said, half a loaf really is better than none when it comes to this kind of crime, so the identity theft red flags rule is a welcome breath of fresh air.

Recent Posts

Beware the Possibility of Donor Registry Scams

These Identity Theft Games Can Help You Stay Sharp

Can Identity Theft Repair Companies Really Help?

IRS Identity Theft Scams

Debit Cards and ID Theft at the Gas Station

The Identity Theft Red Flags Rule

Creative Identity Theft: It's on the Rise

Identity Theft Trends for 2011 and Beyond

How to Dispute Credit Report Errors

Identity Theft and Your Social Security Number


Subscribe to this site's feed

« Creative Identity Theft: It's on the Rise | Home | Debit Cards and ID Theft at the Gas Station »

Copyright © All rights reserved.
All trademarks are the property of their respective owners.