News

Previous   Next

01/27/2009

Identity Theft and Red Flags Rule

image

In the past year, some NYSDA members have reported being victims of identity theft.

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes. It is a very serious crime, and while some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record.

NYSDA recently partnered with the Federal Trade Commission through a co-branding program and is providing members, free of charge,an identity theft brochure.

To order a brochure, contact NYSDA at acheeney@nysdental.org. Include your mailing address.

More resources for consumers and businesses: http://www.ftc.gov/bcp/edu/microsites/idtheft/

NEW!

Red Flags Rule Deadline is Extended to May

The Federal Trade Commission will suspend enforcement of the new “Red Flags Rule” until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. The announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.

The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.

The Rule applies to creditors and financial institutions. Federal law defines a creditor to be: any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not, in and of itself, make an entity a creditor. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, and non-profit and government entities that defer payment for goods or services. Financial institutions include entities that offer accounts that enable consumers to write checks or to make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

The Commission staff launched outreach efforts last year to explain the Rule to the many different types of entities that are covered by the Rule. The agency published a general alert on what the Rule requires, and, in particular, an explanation of what types of entities are covered by the Rule – http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm. During the course of these efforts, Commission staff learned that some industries and entities within the FTC’s jurisdiction were uncertain about their coverage under the Rule. These entities indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACT Act’s definition of creditor or financial institution. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule’s requirements too late to be able to come into compliance by November 1, 2008. The Commission’s delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.

See link below to ADA News regarding the requirement of an office identity theft program if you extend credit to patients, but as noted above, the deadline has been extended from November 1, 2008 to May 1, 2009.
http://www.ada.org/prof/resources/pubs/adanews/adanewsarticle.asp?articleid=3240

Acrobat PDF FileFTC Red Flags Rule Policy
Acrobat PDF FileFTC Guidelines: for implementing a qualifying written identity theft prevention program

Protecting Personal Information: A Guide for Business: Tutorial
http://www.ftc.gov/bcp/conline/edcams/infosecurity/index.html