In the July 19, 2009 edition of the Arizona Republic it was reported that the Federal Trade Commission(FTC) would require, as of August 1, 2009, businesses to have in writing identity theft preparedness policies. These policies also include many non-profit groups. However, the FTC again extended the deadline for enforcement of the Red Flags Rule to November 1, 2009. The Red Flags Rule was authorized under the Fair and Accurate Credit Transactions Act or FACTA. Pursuant to this rule, every business that collects and/or stores information about others; such as names, addresses, credit card numbers, Social Security numbers, etc. are required to have in place written identity theft preparedness policies. At a minimum, the written policy must have:
- One employee to coordinate the company’s information security program
- Assess and identify risks to customer information in each area of the business’s operations
- Develop and maintain a safeguards program to protect customer information and regularly test and monitor the program
- Select and utilize service providers that maintain appropriate safeguards
- Regularly evaluate the program and modify it based upon operations or results from the testing and monitoring of the program
Failure of a business to have these safeguards in place could mean fines up to $3500 per ID theft incident. This of course does not include the lawsuits filed by the consumer against the company. Security breaches affect businesses in other ways. In an article by Edward McNicholas, partner in the law firm Sidley Austin, published in the CIO (Chief Information Officer) magazine, he said 20% of your consumers will no longer do business with you, 40% will consider ending the business relationship and 5% will be hiring lawyers.
These are the main regulations to be implemented but are not all inclusive of the new requirements for business security. In short, you as a business and business owner can not afford to be unprepared. And you certainly can not afford to hope the FTC will extend the deadline again.
ABOUT THE AUTHOR
Alan K. Wittig is a sole practitioner at the Law Office of Alan K. Wittig, P.C. in Queen Creek, Arizona. His primary area of practice is in Family Law but he also handles criminal defense, personal injury cases and civil cases among other areas. Mr. Wittig graduated from Southern Illinois University School of Law in 1992. After graduation he was a prosecutor and then with the Illinois Attorney General’s Child Support Enforcement. In 1997 he moved to Arizona and was with the Pinal County Attorney’s Office
Child Support Enforcement Department until he entered the private sector. He has received numerous awards for his volunteer work to help persons unable to afford an attorney and to further education of the public of our legal system. He is a Certified Identity Theft Risk Management Specialist. He is licensed to practice law in Illinois and Arizona.
