Update on the New RED Flags Rule


What does it mean to your organization?

Effective December 31, 2010, the Red Flags Rule requires organizations that extend payment terms to customers and have personal information on file to:

1) Create a written “Program” that identifies where personal customer information is vulnerable to unauthorized access or where the organization is vulnerable to ID Theft.

2) Institute precautions that address those ID Theft vulnerabilities and train employees to comply with those precautions.

3) Intervene, alert the authorities, or warn the potential victims when there is a threat of ID Theft.

4) Have the “Program” controlling ID Theft vulnerabilities signed by the Board of Directors or the company owners annually.

5) Require audits of data-related vendors with access to personal information of customers.

The Federal Trade Commission is in charge of enforcing the law and estimates that 11 million organizations are legally required to comply. That is close to 40% of all U.S. businesses.