Red Flags With Minimal Red Tape Webinar: Efficiently Implementing A Red Flags Program

Red Flags With Minimal Red Tape: Efficiently Implementing A Red Flags Program Under The FTC's New, And Broadly Applicable, Identity Theft Regulations

Many view the U.S. system for protecting personal information as an unconnected "patchwork" of laws and regulation. The recent – and dramatic – rise of identity theft has focused federal and state attention on this "patchwork," and this attention is increasingly connecting the "patches" of regulation into a significantly more comprehensive structure. Recently, the Federal Trade Commission (FTC) and five other agencies issued the so-called "Red Flags Rules," which in relevant part are broadly designed to detect, prevent, and mitigate identity theft. Under the Rules, a "Red Flag" is an indicator of the possible theft of a consumer's identity, or a business' identity. The Rules broadly apply to entities that provide ongoing credit to others – thus potentially covering entities that simply, for example, extend "net 30 days" payment terms. The Rules require these entities to implement a program to detect and act on "Red Flags" in establishing credit accounts, and in ongoing activities in these accounts. Due in large part to the broad application of the Rules, the FTC recently extended the deadline for compliance to May 1, 2009.

Partners Ieuan G. Mahony and James T. Mueller and associate Peter I. Sanborn will explain the Red Flags Rules, discuss their scope, and address the steps an entity subject to the Rules should take to prepare for the compliance deadline of May 1, 2009. Specifically, the program will:

• Place the Red Flags Rules within the broader context of "identity theft";
• Describe the structure of the Rules, with particular attention paid to defining the types of entities that are subject to the Rules;
• Provide examples of "Red Flag" events;
• Outline the general steps that should be taken to comply with the Rules; and
• Discuss the concepts of "proportionality" and "streamlined programs," as they apply to low-risk entities under the Rules.