The rules are intended to ensure companies can identify and respond to the warning signs of potential identity theft. Companies that don't comply and that suffer a data breach may face financial penalties (up to $3,500 per violation in federal court or $1,000 in state courts) as well as civil lawsuits from identity theft victims. To prepare, your company should dust off its information security policy and have it reviewed by qualified legal counsel to ensure it conforms with the FTC requirements. The following seven guidelines can assist your company with its compliance.
Thursday, October 29, 2009
FTC Red Flag Rules
THU, SEPTEMBER 24, 2009 — CIO — On November 1, many companies will be required to comply with new regulations issued by the Federal Trade Commission that are designed to reduce the risk of fraud through identity theft. The so-called Red Flag rules (formally known as Identity Theft Red Flags and Address Discrepancies) require companies subject to the legislation—essentially any company that issues invoices—to develop a written information security program to detect, prevent and mitigate identity theft in connection with certain types of accounts, including those which present a reasonably foreseeable risk to customers.