FACTA - Red Flag Rule now in Effect

November 01 , 2009 in Industry News

The National Association for Information Destruction is alerting its members that starting Nov. 1, 2009, the amendment to FACTA, called the Red Flag Rule, will go into effect. Under this amendment, every organization “that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft” to develop what it calls “reasonable policies and procedures for detecting, preventing, and mitigating identity theft.”

The Red Flags Rule requires an estimated 11 million businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations.

This is good news for the secure destruction industry, since NAID’s own statistics show that organizations with written data protection procedures are twice as likely to outsource their destruction requirements as those without them.

While all current data protection laws require organizations to have written data protection policies and procedures, the Red Flag Rule is specifically created to emphasize the importance regulators put on them.

To support its members, NAID has produced a draft Red Flag contract clause and language to update member’s policies and procedures. To obtain the documents, members must complete the NAID Red Flag Rule Release.
NAID has also stepped up training on the use of the Compliance Toolkit for members looking to capitalize on the opportunity created by the imminent effective dates of the Red Flag Rule and HITECH.