The earliest citation of "red flag" in the sense of a warning is dated 1777 and refers to a flag warning of flood. Now, to stem the flood of information available to identity thieves, the Federal Trade Commission (FTC) is requiring all businesses and organizations that are covered by the Red Flags Rule, for example, real estate agents and brokers, mortgage brokers, finance companies, anyone who helps consumers get financing from others, to look at how their business or organization can identify suspicious patterns or practices or how specific activities may result in the possibility of identity theft. This rule sets out how those covered entities must develop, implement, and administer an Identity Theft Prevention Program which the FTC will begin enforcing on August 1, 2009.

Is this really necessary? Well, there is some compelling evidence that says ‘yes’. According to the Identity Theft Resource Center’s study, in 2008 93% of reported crimes involved financial identity theft. The whole idea of this Red Flags Rule is to stop theft from happening at the point of purchase.

Here’s an example. A guy walks into a car dealership in Arizona and buys a SUV. Actually, he walked into a couple of dealerships and purchased a couple of SUVs- using an identity he stole 12 years ago. Now he is serving 21 months in a federal prison, courtesy of the U.S. Department of Justice. This whole incident probably could have been avoided by the application of the Red Flags procedure. By the way, a conviction for misuse of a Social Security number carries a maximum penalty of five years in prison, use of an unauthorized credit card carries a maximum of 10 years and identity theft has a maximum sentence of 15 years. All counts also carry a maximum fine of $250,000.

To see if you are a covered entity and the details of what you need to do to comply with the Red Flags Rule, check out this FTC guidebook. Here is what a brief summary of what you need to do:

• Create a written program and implement it. The program must consist of three parts- identity theft detection, prevention and mitigation.

• Implement reasonable policies and procedures to determine identity theft Red Flags, like a fake looking id, spot them and then spell out how you will take action once a flag is detected.

• Make sure that all employees are trained in the program.

• Re-evaluate and update the Red Flags program and procedures periodically.

As always, stay aware and alert.

Consult with your Privacy Gurus® to find out more about smart privacy and information security best practices, and with any other questions about this topic or any other privacy and information security topic.

Darity Wesley is CEO and Legal Counsel for Privacy Solutions, Inc. a San Diego based consulting firm. Her team of Privacy Gurus® work with you to create policies and procedures to establish the expectation of privacy for your members, clients, customers, prospects, affiliates, associates, employees and vendors. You can reach her at (619) 670-9462 or Darity@privacygurus.com, Visit our website at www.privacygurus.com

Please feel free to email us with any questions or issues you would like to see addressed in our newsletter. We would appreciate hearing from you and addressing any issue that is on your mind. Email us at info@privacygurus.com