August 31, 2010 / Frank J. Albi

New Red Flag Rule: Are You Ready?

Just when you think your business complies with the major privacy and security rules (HIPAA and Sarbanes-Oxley immediately come to mind), another piece of legislation throws you for a loop.

So it happened with the Federal Trade Commission’s new Red Flag Rule, which requires financial institutions and creditors to develop and implement written identity theft prevention programs. A lot of business people I’ve talked to are confused about what the Red Flag Rule will mean for their companies when enforcement begins Dec. 31, 2010 (though this has been delayed numerous times in the past three years).

If you’re unsure about the Red Flag Rule, take a look at this FTC Business Alert to get a good overview of the legislation. I also like this free downloadable guide from the FTC called Protecting Personal Information. The 15-page guide outlines five key principles that a sound data security plan is built on:

  1. Take stock. Know what personal information you have in your files and on your computers.
  2. Scale down. Keep only what you need for your business.
  3. Lock it. Protect the information that you keep.
  4. Pitch it. Properly dispose of what you no longer need.
  5. Plan ahead. Create a plan to respond to security incidents.

After reading up on the Red Flag Rule, if you still have questions or concerns about compliance, please get in touch with us. We’d love to talk with you about how BIS can help your company get a handle on this important issue.
