by Denise Richardson Consumer Advocate (NAPSA)—Good newsfor anyone concerned about protecting their financial assets and their own good name: The Red Flags Rule is now the law. It requires businesses to create a written identity theft prevention program. Under the Red Flags Rule, a business defined as a “creditor” must have written policies in place to spot the “red flags” of identity theft. An acceptable identity theft prevention plan must : have procedures in place to detect, prevent and mitigate identity theft. The plan must include training employees and subcontractors and periodically renew Richardson evaluating security risks. To mitigate identity theft, a strong plan should also include a proactive protection solution to cover the affected individuals. Credit monitoring is not enough. The types of crimes that consumers face today are not as simple to clean up as closing a credit card. Whether personal information is used to commit other crimes, clean out bank accounts, file false tax returns, steal home equity or obtain utilities, employment, government and medical benefits, the crime canfol- low consumersfor years to come. Although the law was designed to protect consumers, as CFO Magazine points out, identity theft costs businesses big bucks, too. The Red Flags Rule would A new law requires many companies that issue credit to create a plan to preventidentity theft. seem amenable to all, but it wasn’t quite that easy. As originally drafted, it required any business to comply if it extended credit. Insurance and medical industries, among others, argued that the Rule would be overly burdensometo small businesses. The Red Flags Rule as finally implemented has a much narrower definition. According to the FTC, creditors must meet one of three criteria. They must: Obtain or use consumer reports in connection with a credit transaction; Furnish information to consumer-reporting agencies in con- nection with a credit transaction; or eAdvance funds to—or on behalf of—someone, except for funds for expenses incidental to a service provided by the creditor to that person. In other words, your dentist whobills you after a root canal or your wireless phone carrier that sends you a monthly statement are not “creditors” for the purposes of this law but a car dealer’s finance office would be. WhatI don’t understand is why any business would put on blinders about the effect that data theft crimes could have on it. We hear constantly about losses brought by massive cyber-attacks and data breaches at multinational companies and the millions of consumers affected. We may not hear about what happens when a school or small business discovers a corrupt employeeis selling other people’s Social Security numbers or when a hospital employee sells patients’ medical or financial records to an identity theft ring. Wouldn’t a business ownerprefer to develop a plan to detect identity theft risks than deal with police, potential lawsuits, negative publicity and angry victims after a breach occurs? Even with the law in place, however, thieves can get ahold of your personal information from trash cans, dumpsters, stolen mail, even shoulder surfing. That’s why to safeguard their per- sonal information from the risk of misuse, many people are looking into LifeLock identity theft protection, a proactive defense system that monitors your identity and alerts you to potential dangers. Learn more at www.lifelock.com and (800) 543-3562. e Ms. Richardson, certified identity theft risk management specialist, is a member of the National Association of Consumer Advocates and the American Consumer Credit Education Support Services, and author of “Give Me Back My Credit!”
