Posts in Identity Theft

Boris Segalis, creditor, FACTA, FCRA, FTC, FTC Red Flags Rule, identity theft, identity theft prevention program, Info Law Group, InfoLawGroup, information security, Red Flags

House and Senate Enact Amendment of FCRA, Limit Scope of Red Flags Rule

By InfoLawGroup LLP on December 07, 2010

The Blog of Legal Times is reporting that late on December 7, 2010 the House of Representatives passed a bill on a voice vote that amends the definition of "creditor" in the Fair and Accurate Credit Reporting Act (FCRA) and, as a result, dramatically limits the scope of the Red Flags Rule. The House bill is identical to the legislation enacted by the Senate last week. We previously covered in detail on our blog both the House bill and the Senate bill.The legislation has the effect of largely limiting the applicability of the Red Flags Rule to financial institutions and entities commonly understood to be "creditors". It will generally exclude from the Rule's scope organizations whose "credit" activities are limited to providing a product or service and allowing customers to pay for the product or service at a later time. The legislation leaves open the possibility that the FTC would bring various types of creditors within the scope of the Rule through rulemaking. However, it sets a procedural threshold for expanding the scope of the Rule and appears to require the determination to be specific to the type of creditor. "When I think of the word 'creditor,' dentists, accounting firms and law firms do not come to mind," said Rep. John Adler (D-N.J.), speaking on the House floor.

creditor, enforcement, FACTA, FCRA, Federal Trade Commission, FTC, identity theft, identity theft prevention program, privacy, Red Flags

FTC's Red Flags Rule Slated to Take Effect - Congress Tries Another Fix

By InfoLawGroup LLP on November 22, 2010

The Federal Trade Commission's latest delay in enforcing the Identity Theft Red Flags Rule is slated to expire on December 31, 2010. This fifth delay, which the FTC announced on May 28, 2010, was requested by members of Congress, who had been working to respond to the outcry over the FTC's broad interpretation of the Rule. In the latest legislative initiative, on November 17, 2010, representatives Adler (D-NJ), Broun (R-GA) and Simpson (R-IN) advanced a bill (HR 6420) that seeks to limit the scope of the FTC's Red Flags Rule by amending the Fair Credit Reporting Act's (FRCA's) definition of "creditor."

acceptable use policy, behavioral marketing, confidentiality, data protection, EU, European Union, Facebook, Federal Trade Commission, fraud, FTC, identity theft, privacy, social media, social networking

Social Networking: Setting Boundaries in a Borderless Brave New World

By W. Scott Blackmer on May 29, 2010

Social networking entails some risks and responsibilities. It may implicate privacy and labor law, confidentiality and nondisclosure agreements, advertising regulations, defamation, and other legal regimes, across borders in a global medium. Users, and their employers, need to be aware of these risks and responsibilities in deciding how to make best use of social media.

compliance, contract management, data protection, data security, information governance, information security, management, pia, privacy, privacy audit, privacy governance, privacy impact assessment, procurement, risk management, security governance, standards

Information Governance

By W. Scott Blackmer on May 06, 2010

Security governance is often well established in large organizations, but privacy governance typically lags. It is time for a broader approach to "information governance" that focusses on the kinds of sensitive data handled by the enterprise and establishes policies to assure compliance and effective risk management, as well as better customer, employee, government, and business relations.

IAPP, International Association of Privacy Professionals, Red Flags Rule

Live from the IAPP Global Privacy Summit in Washington, DC, It's Monday Afternoon

By InfoLawGroup LLP on April 19, 2010

This week, I will be providing short updates from the IAPP Global Privacy Summit in Washington, DC. The conference will be in full swing tomorrow, and I will report on various panels and topics of interest. In the meantime, as I prepare to see old and new friends at the Welcome Reception this evening, a few thoughts on what I expect to see and hear a lot over the next few days.

Alberta, breach notice, British Columbia, Canada, Ontario, Quebec

Security Breach Notices for Canadian Data

By W. Scott Blackmer on March 19, 2010

Notice of significant security breaches involving personal information is recommended under federal Privacy Commissioner guidelines and legally required for custodians of personal health information in Ontario. Albert's new Bill 54, not yet in force, sets a new standard for mandatory notification to the provincial Privacy Commissioner, who can determine whether and how individuals must be notified.

creditors, deadline, extensions, FACTA, financial institutions, FTC, identity theft, June 1, prevention program, primer, Red Flags Rule

Is Your Organization's Red Flags Rule Identity Theft Prevention Program Ready for Primetime?

By InfoLawGroup LLP on January 18, 2010

As our readers know, the FTC, after four extensions of the deadline, currently intends to begin enforcing the Red Flags Rule with respect to organizations subject to its jurisdiction on June 1, 2010. In the meantime, the Red Flags Rule remains in effect as to all financial institutions and creditors (and has been subject to enforcement by the banking regulators since November 1, 2008). Although a recent decision of the United States District Court for the District of Columbia, ABA v. FTC, brought lawyers outside the scope of the Rule, the Rule remains broad and covers a wide range of entities as "creditors." Creditors subject to the FTC's jurisdiction need to have their written Red Flags Rule Identity Theft Prevention Programs prepared, approved by the Board, and implemented by June 1. For more on the history and the requirements of the Rule, see my recent article, "The FACTA Red Flags Rule: A Primer," published in Bloomberg Law Reports - Risk & Compliance, reproduced here with the permission of Bloomberg.

American Bar Association, creditors, financial institutions, identity theft, Red Tags Rule

Reminder: FTC Will Enforce Red Flags Rule Beginning November 1 (but Federal Judge Rules Lawyers Not Subject To Rule)

By InfoLawGroup LLP on October 29, 2009

The Federal Trade Commission will begin enforcing its Red Flags Rule this Sunday, November 1. Financial institutions and creditors that hold covered accounts, as defined under the Rule, must have written Red Flags identity theft prevention programs in place by November 1. Earlier today the American Bar Association reported that a federal judge in Washington, D.C., ruled that the FTC exceeded its authority by applying the Red Flags Rule to practicing lawyers. The FTC is expected to appeal today's ruling.