82.1 F
San Fernando
Thursday, Mar 28, 2024

Businesses Prepare to Boost Monitoring of Identity Theft

Local business organizations are warning their members that a new Federal Trade Commission policy will force a broad span of businesses to tighten their identity theft prevention practices. The Federal Trade Commission has again postponed enforcement of its Red Flags Rule, which will require businesses and organizations to set up programs that help them search for signs of identity theft and respond to incidents of the crime. “The Red Flags Rule is designed to get businesses to detect whether somebody is using somebody else’s information to get goods and services from them,” said Naomi Lefkovitz, senior attorney for the Federal Trade Commission’s Bureau of Consumer Protection. The Red Flags Rule’s June 1 enforcement date was pushed to December 31 while Congress considers legislation – HR 3763 – that would limit the effect of businesses impacted by the rule, the federal agency announced in late May. The delay is one of several other postponements the commission has made since 2008 in enforcing the policy, which was developed under the Fair and Accurate Credit Transaction Act. While the rule was primarily written for traditional financial institutions and creditors, the federal agency also defines creditors as entities that regularly provide goods or services first and have customers pay later. Examples of such entities include healthcare providers, lawyers and accountants, according to the Federal Trade Commission’s Web site. The Red Flags Rule affects businesses and organizations that regularly grant loans, arrange for loans or the extension of credit or make credit decisions, the site said. It also affects any entity with “covered” accounts, which include any account that presents a reasonably foreseeable risk from identity theft. To educate businesses and organizations about how to comply with the rule, the Federal Trade commission has conducted seminars, conferences and training events and has even published a Web site with a template prevention plan for businesses that pose low risk of identity theft. “The rule is designed to be flexible, and it was not intended to be one-size-fits-all,” Lefkovitz said. “Entities take into account their size, their complexity and their risk of identity theft in terms of creating a program for their business or organization.” Penalties for knowing violations could be as high as $3,500, according to the agency’s Web site. Groups such as the San Fernando Valley Dental Society and the Greater San Fernando Valley Chamber of Commerce have spent several months informing their members of the rule. The San Fernando Valley Dental Society has spread the news to its members through e-mails and newsletter announcements, said Executive Director Andy Ozols. The organization has even provided members access to a template identity theft prevention plan specifically designed for dental care providers. The plan was written by the American Dental Association, Ozols said. Four red flags Four key “red flags” noted on the association’s plan include a patient claiming to be someone else, unexplained discrepancies between a patient’s condition and his or her medical records, discrepancies between the patient’s address and paperwork and any direct reports of identity theft made by a patient, Ozols said. “I think we all agree that it’s a good rule in terms of protecting against identity theft,” he said. “(But) it’s just another layer of regulations they have to deal with, such as setting up protocols. … For small-business people, that can become a burden quickly.” The Greater San Fernando Valley Chamber of Commerce has conducted workshops and seminars to let the public know the rule affects a majority of businesses. The events attracted business administrators from various kinds of businesses, including auto repair, computer sales and manufacturing, retail and wholesale, said Chamber CEO Nancy Hoffman Vanyek. Most were shocked to find out their businesses would be affected by the rule. “I don’t think they think it relates to them,” she said. “Until it happens, they don’t realize they are one of the groups it could happen to.” Major impact Vanyek said the rule will likely have a major impact on smaller businesses that have not cleaned out their old files and may need to update their processes for storing personal information. Businesses with covered accounts can reduce risk by making sure personal information is not stored longer than necessary, addresses and credit card information is stored separately and up-to-date technology is used for processing credit cards. “I think businesses need to really take stock of how they store information and come up with a plan,” Vanyek said. “It could be really simple. It doesn’t have to be a complicated plan.” She added that the rule will help businesses and organizations protect their customers and employees from fraud. “I think it’s more a good business practice issue,” Vanyek said. “You have to know the flow of that information so you know where identity theft can get out.” For more information about the Red Flags Rule, visit www.ftc.gov/redflagsrule.

Featured Articles

Related Articles