[Dataloss] fringe Federal law and ID theft prevention

Michael Hill, CITRMS mhill at idtexperts.com
Thu Sep 4 17:02:56 UTC 2008


I want to add one thing to this very informative article from Jones Day 
written by Kevin Sykes that I believe is an important part of the 
administering of the "Identity Theft Prevention" program under the Red Flag 
Rules.  As a consultant who has assisted many companies in their ID Theft 
program, training their employees on the program and the reality of identity 
theft is an absolute must for all businesses.  I think its .90(e) in the 
rules.

We read article after article on this webboard about data breaches and the 
loss of PII and it seems the human element plays a VERY big part.  To not 
train ALL your employees, I think would be leaving your business open to 
even more liability.  Yes, even the warehouse personnel as well.


Michael Hill
Certified Identity Theft Risk Management Specialist
404-216-3751
www.idtheft101.net



----- Original Message ----- 
From: "Henry Brown" <hbrown at knology.net>
To: <dataloss at attrition.org>
Sent: Thursday, September 04, 2008 9:46 AM
Subject: [Dataloss] fringe Federal law and ID theft prevention


A ~2300 word "posting" with at least 20 different related links....


http://www.jonesday.com/pubs/pubs_detail.aspx?pubID=S5427

On December 4, 2003, the President signed into law the Fair and Accurate
Credit Transactions Act ("FACTA"). FACTA was enacted by Congress to
provide consumers with increased protection from identity theft. The
regulations directed six agencies to jointly "establish and maintain
guidelines…[that] identify patterns, practices, and specific forms of
activity that indicate the possible existence of identity theft."[1]
Accordingly, the six agencies published the final regulations on
November 9, 2007, and those regulations became effective January 1,
2008.[2] However, compliance with the regulations is not mandatory until
November 1, 2008.[3]

The final regulations contain three parts. First, they require covered
entities to create a written identity theft program designed to detect,
prevent, and mitigate identity theft in connection with certain covered
accounts (the "Red Flag Rules" or the "Rules"). Second, the regulations
impose requirements on consumer reporting agencies related to
discrepancies between an address contained in a request for a consumer
report and the address in the consumer reporting agency's file. Third,
the regulations impose requirements on debit and credit card issuers to
implement procedures to assess the validity of address changes under
certain circumstances. 



More information about the Dataloss mailing list