FierceFinanceFierceFinanceITFierceComplianceIT   FierceCIO

Are you in compliance with the ID Theft Red Flags law?

December 18, 2008 — 2:59pm ET | By Jim Kim

The Nov. 1 deadline for compliance with the FTC's ID Theft Red Flags law has passed without major incidence. But there is still plenty of work that needs to be done. The new rule, aimed at deterring identity theft, requires that companies perform a risk assessment, identify issues, generate a written prevention program, obtain board approval, train staff, update the program for new red flags and risks, and annually do a self-assessment. Banks generally complied, though they face lots of extra work going forward.

As for non-financial companies, compliance is proving trickier. Sai Huda, Chairman & CEO of Compliance Coach, says many non-financial companies seem to have been taken by surprise. There may be non-financial companies out there that do not even realize they are covered. Which may be a reason the FTC decided to delay enforcement until May 1, 2009 for non-financial creditors (hospitals, auto dealers, mortgage brokers, mortgage lenders, municipalities, utilities, colleges, universities and vocational schools). "However, each day these entities delay compliance, they risk a plaintiff lawsuit. Remember, the compliance deadline was not pushed back, just enforcement by the FTC for non-financial institution creditors." 

Related Articles:
Identity theft news from FierceSarbox
Compliance news from FierceSarbox

SHARE WITH:
Email Twitter Facebook LinkedIn StumbleUpon
Get Your FREE FierceComplianceIT Email Newsletter:
Be the first to comment

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.