Let Us Help You
Have you had a data breach?
If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at email@example.com or call 1 866 751 1323.
Data Security Law in 2011: Responding to a Breach and Security Considerations for Engaging Vendors
On Demand Webinar
State Legislation Effects on Data Breach Resolution
Find out about State data breach bills being considered in 2011, data breach incident response, and trends in data security legislation and regulation.
Featured Privacy Experts from Hogan Lovells LLP and Morrison & Foerster LLP
Recent Red Flags Rule Amendment Limits Coverage Conditions for Creditors
Federal law requires all financial institutions and creditors holding transaction accounts belonging to consumers to comply with the Red Flags Rule, an identity theft prevention measure. Through the required written identity theft prevention program, organizations are better prepared to detect and address the “red flags” associated with identity theft, minimizing or eliminating the potentially steep costs and other damaging effects.
A change in the law on December 18, 2010, amended the definition of creditor and limited the coverage conditions. The new law covers creditors who regularly, and in the ordinary course of business, meet one of these three general criteria:
- Obtain or use consumer reports in connection with a credit transaction.
- Furnish information to consumer reporting agencies in connection with a credit transaction.
- Advance funds to, or on behalf of, someone, except for funds for expenses incidental to a service provided by the creditor to that person.
Establishing an Effective Program
An identity theft prevention program is effective only if it is thorough and well constructed. The following are some key components designed to detect, prevent, and mitigate identity theft.
- Identify relevant patterns, practices, and specific forms of activity that are “red flags” signaling possible identity theft and incorporate those red flags into the program.
- Detect red flags that have been incorporated into the program.
- Respond appropriately to any red flags that are detected to prevent and mitigate identity theft.
- Ensure the program is updated periodically to reflect changes in risks from identity theft.
- Provide oversight of service providers used by the company.
- Create a list of triggers that, when present, will cause the company to take action and develop methods to detect those triggers in connection with new and existing accounts.
- Provide a process for escalation to respond to any triggers detected.
For more information on the Red Flags Rule, visit the Federal Trade Commission website.