Are you in compliance with the ID Theft Red Flags law?

The Nov. 1 deadline for compliance with the FTC's ID Theft Red Flags law has passed without major incidence. But there is still plenty of work that needs to be done. The new rule, aimed at deterring identity theft, requires that companies perform a risk assessment, identify issues, generate a written prevention program, obtain board approval, train staff, update the program for new red flags and risks, and annually do a self-assessment. Banks generally complied, though they face lots of extra work going forward.

As for non-financial companies, compliance is proving trickier. Sai Huda, Chairman & CEO of Compliance Coach, says many non-financial companies seem to have been taken by surprise. There may be non-financial companies out there that do not even realize they are covered. Which may be a reason the FTC decided to delay enforcement until May 1, 2009 for non-financial creditors (hospitals, auto dealers, mortgage brokers, mortgage lenders, municipalities, utilities, colleges, universities and vocational schools). "However, each day these entities delay compliance, they risk a plaintiff lawsuit. Remember, the compliance deadline was not pushed back, just enforcement by the FTC for non-financial institution creditors." 

Related Articles:
Identity theft news from FierceSarbox
Compliance news from FierceSarbox