If financial companies, creditors, and other establishments that utilize important personal data obtained from their customers, clients, and patients are protecting consumers from identity theft, then why is so much of it occurring? Why is information still being stolen for the sole intention of using someone else's identity or data to obtain medical services, find employment, go on a spending spree or commit other crimes? More importantly, why haven't the FTC's Red Flags Rule guidelines been implemented by all businesses who store our data -whether or not they are mandated to do so?
Let's face it; the widespread occurrence of identity theft is continuing to grow in leaps and bounds. Is it any wonder? While the FTC may have put strong guidelines such as the Red Flags Rule in place to assist in the curtailment of identity theft, the deadline for the implementation of these rules has been pushed back several times already. The newest deadline is now June 01, 2010. Why are there so many requests for extra time to simply get a handle on how best to secure stored data and respond if and when it's compromised?
Moreover, with all of this confusion concerning deadline dates, is it any wonder that the institutions, companies, and businesses who haven't gotten on board with the Red Flags Rule, yet don't really know whether or not they are required to do so?
A few of these groups have even decided that they do not want to be included with those who are required by law to incorporate the red flag rules into their daily business practices. In fact, this disgruntlement with having to comply seems to be partly responsible for the deadline extensions. Leaders of the American Medical Association and American Veterinary Association said they will try to convince the FTC and Congress that physicians should not be included in the program.
This latest delay comes at the request from Congress, which is considering amendments to the identity theft rule. The House of Representatives unanimously passed Bill H.R. 3763 late last month to exclude groups with fewer than 20 employees from complying with the guidelines. It is now in the hands of the Senate. On Oct. 21, the bill was referred to the Senate Committee on Banking, Housing and Urban Affairs, where it is currently stalled.
In reality, when exclusions like this are put into place, is it any wonder that some businesses might not know whether or not they have to comply? Or when they have to comply?
Wouldn't it be helpful to all of us if everyone simply put their time and energy into putting the red flag guidelines into place -as opposed to focusing on avoiding the responsibility of it
The Federal Trade Commission created the Red Flags Rule guidelines to help thwart identity theft. Additionally, they have created helpful tools that should make the process of incorporating these rules easier for most companies. In addition to specialized guidelines, the FTC has published a number of informative articles, a video, and a template to help with this transition.
Who actually is required by law to implement the Red Flags Rule into their business seems to be an open question at the moment. Of course, banks, credit card issuers, and credit unions are already required by law to follow these guidelines. This is because they fall under the jurisdiction of the National Credit Union Administration and the federal bank regulatory agencies.
Put simply, the original intent of the Red Flags Rule was to provide 26 commonsense guidelines to help a business that stores our personal data prepare a written identity theft prevention plan aimed at securing data and detecting and responding to any potential data breach.
Consumers can only stand by and wonder why it is that while identity theft continues to skyrocket, interest in preventing it -isn't. Putting together a written policy aimed at preventing protecting sensitive data from falling into the wrong hands, shouldn't be that difficult.
Leave a comment