Red Flags Rule Compliance – November 1st is Approaching!

Posted by Stephen Marsh | 11:23am

The deadline for compliance with the Federal Trade Commission's Red Flags Rule is November 1, 2009! These regulations require financial institutions and creditors (businesses or organizations that regularly provide goods or services first and allow customers to pay later, such as automobile dealers, mortgage brokers, telecommunications companies, utility companies and more) to develop, implement and monitor written identity theft prevention programs.

Does your company need to worry about Red Flags Rule compliance? And is it a good idea to implement an email encryption solution if your organization electronically transmits personal identification via email?

October 28, 2009 - by Adam Bullock

Even with multiple delays and last-minute amendments, the regulations are about to become reality for many businesses around the United States. The rationale behind the rules is sound: according to a recent Gallup poll, 66 percent of U.S. adults worry "frequently" or "occasionally" about identity theft, and the FTC estimates that as many as 9 million Americans have their identities stolen each year.

Organizations covered by the Red Flags Rule must implement a written program to detect, prevent and mitigate identity theft. If your company communicates with customers/clients via email, then having a data-leak prevention/content filtering solution to block delivery (such as smarshDLP) and an email encryption solution (like our smarshEncrypt secure messaging service) to protect delivery are logical components of your company’s Red Flags Rule compliance solution.

Failure to comply with the Red Flags Rule can result in financial penalties and regulatory enforcement action. In addition, the publicity that coincides with identity theft and data breaches could also severely damage your company’s reputation.

Update: a bill (H.R. 3763) has passed in the U.S. House of Representatives that would exclude any accounting, legal and health care practice from "creditor" status. In addition, this bill excludes any business that the FTC determines:

- Knows all its customers or clients individually;

- Only performs services in or around the residences of its customers;

- Has not experienced incidents of identity theft, and identity theft is rare for businesses of that type.

While the bill has passed House consideration, it has just been received in the Senate and has been referred to the Committee on Banking, Housing, and Urban Affairs.

Further information on the Red Flags Rule can be found on the Federal Trade Commission’s Fighting Fraud with the Red Flags Rule microsite.

Adam Bullock is the digital media specialist for Smarsh and a veteran blogger. In previous stops in his professional career, Adam has spent time with an Internet marketing firm as a project manager as well as a leading domain name registrar. If you have any questions or comments, feel free to email Adam directly at abullock [at] smarsh.com.