The FTC has finally come up with a tool to make Red Flags Rules more easily understood and small business compliance easier to implement.
Initially created in 2003, the FTC has repeatedly delayed enforcement of the rules for recognizing and responding to identity theft’s warning signs, largely because of confused interpretation of the term “creditor”.
In response, the FTC has developed a simple six-page, four-step outline for small and low-risk businesses along with guidelines for determining whether a business falls into this category. How can you tell if your business is at low risk for identity theft?
- Do you have few clients or customers whom you know by sight?
- Do you provide services in your customers’ homes?
- Is your line of business frequently linked to identity theft?
- Has your business ever been linked to an identity theft incident?
If you answered yes to the first two questions and no to the last two questions, chances are you have a low-risk business, and can easily meet Red Flag Rules requirements by using the simple form created by the FTC.
The Identity Theft Prevention Program designed by the FTC, available here, guides business owners, board members or senior managers through the process in four easy steps:
- Identifying relevant red flags
- Detecting red flags
- Responding to red flags
- Administering your program, including designating the employee responsible for implementation; training methods; identifying service providers that might detect ID theft; and deciding how to update your program and keep it current.