News

From the underground

Google Analytics uses this cookie name allowing us to see website use with anonymous data.

Red Flag Rule

In December 2010 the Federal Trade Commission (FTC) added the Red Flag Rule to the Fair and Accurate Credit Transactions Act (FACTA). Congress had charged the FTC with developing regulations to help combat Identity Theft.  The rule requires creditors to address the risks of Identity Theft within their organization and create a program to detect the crime.  The program must; include reasonable policies and procedures to identify signs of identity theft, it must be able to detect the signs you have identified, then spell out actions the business will take upon detection, and finally the program must be re-evaluated periodically to ensure it covers any new risks.  The signs are called ‘red flags’ and are dependent upon your business.  The FTC put together a compliance guide to help create a program that is appropriate to the size and the complexity of your business.

If you are wondering if you are affected by this rule, the definition of a creditor is any organization that makes loans or extends credit to a covered account. So first you must, in the ordinary course of business; obtain or use consumer reports in connection with a credit transaction, furnish information to consumer reporting agencies in connection with a credit transaction, or advance funds to or on behalf of a person.  And second it must be for a covered account which includes any consumer account that is primarily for personal, family, or household purposes that is designed to permit multiple payments or transactions.  But the Rule goes on to say it can include any other account maintained by the creditor that has a foreseeable risk of identity theft.  For more information on creating a program for your business, check out the How-To Guide on the FTC’s website.

Please consult with the appropriate professionals for advice to see how Underground Vaults & Storage can be a solution to your compliance needs. We will securely store and retrieve protected personal information then destroy it at the end of its life cycle.