As of November 1, 2009, all creditors will be required to implement an identity theft policy, a.k.a., a Red Flag Policy. While it may seem burdensome, doing so is relatively easy. Here are five keys to enacting compliant regulations:
1. Evaluate your company:
Red Flag Policies will inevitably differ because they must take into account unique factors for each company. These include size, research methods, the number of branch locations, and the form of data transmission, both intra- and inter-office. Larger companies with independent branches must take extra precautions to ensure protection of sensitive information. Additionally, a company with customer interactions primarily by phone or the Internet is more susceptible to fraud, especially by identity theft, and must determine the best way to prevent it.
2. Implement a plan to protect your customers:
Identity theft can occur internally. Your customers must rely on the safety of their sensitive information within your walls. Generally, simple measures will suffice. Lock up all storage areas and make sure your employees do so as well. When files are closed, and are not being retained for an audit, companies can scan them and use a secure storage company for the original. In addition to keeping the information safe, this precaution can also reduce company overhead for office space.
For secure e-mail, include a confidentiality disclosure as an automatic signature on all transmissions. In an age of PDAs and BlackBerrys, short concise disclosures are best.
3. Implement a plan to protect your company:
The use of stolen identities threatens both your company and the public at large. Companies should follow a standard procedure and investigate ancillary information as well as confirming credit, assets and income. Verifying phone numbers and addresses should be the top priority. In addition to knowing what to look for, employees should know what to do if they discover something suspicious. A chain of command and action plan must be in place for immediate deployment when the use of stolen information is confirmed.
4. Update:
Your Red Flag Policy doesn’t exist in a vacuum. The daily evolution of technology is creating new and dangerous ways for thieves to steal and use personal information. Company policy needs to evolve just as quickly. Management should keep an open ear to market news and trends regarding new methods of fraud to ensure their company can counter the latest threats.
5. Train your staff:
A Red Flag Policy is pointless if it just gathers dust on a bookshelf. Your staff must be trained regarding the policy and its practical application. In addition, you must update your employees to new forms of theft and amendments to the policy. Test your staff to make sure they can detect potential signs of fraud and know how to react.
Protection from identity theft is now required by the government. A Red Flag Policy ensures your company is protected; your clients are protected; and you are compliant with the law.
