NEW FEDERAL LAW MODIFIES FTC RED FLAG RULES
Adopted in 2009 pursuant to the Fair and Accurate Credit Transactions Act of 2003, the Federal Trade Commission’s Red Flag Rule requires many businesses and organizations to implement a written identity theft prevention program designed to detect the warning signs (i.e., “red flags”) of identity theft in their day-to-day operations.
The rule applied to a city department, such as a municipal utility, that collects payment after a service was offered. That meant that the city and/or utility were required to adopt and implement a policy that would protect customer financial information.
On December 18, 2010, President Obama signed into law the Red Flag Program Clarification Act. The Act limits the application of the rules to creditors that use or report information to consumer reporting agencies. Thus, a city department that does not use consumer reports and does not report information to consumer reporting agencies is no longer required by this federal law and rule to have an identity theft policy.