In 2003, the US federal government passed into law the Fair and Accurate Credit Transactions Act, also known as FACTA for short. Part of the intent behind passing this long and powerful bill into effect was to curb the risk and incidence of consumer fraud and identity theft by updating the protocols of information transfer and management to be in line with technological and social advancements.
In 2008, another key step to protecting consumer information was taken with the passing of the Red Flags Rule. Being based on a section of FACTA, the red flags rule was passed into power with the same intents as FACTA. The differences however are significant, as the Red Flags Law is a single but powerful and critical component to an overarching effort to protecting consumer information.
If you’re a small business owner, the principle of the Red Flags Rule is an important one to consider, even if your business or organization does not fall within the jurisdiction of the rule itself.
So, Who Does it Apply to?
The Red Flags Rule applies to two specific groups: creditors and financial institutions. Financial institutions are considered to be organizations that principally deal with money including banks, savings and loan associations, mutual savings banks, credit unions and any other entity that holds a transaction account that is owned by a consumer.
Though originally broadly defined, the definition for creditors under the Red Flags Rule was clarified in 2010 through the Red Flag Program Clarification Act. There are three key components that define a creditor impacted under the Red Flags Rule. Creditors under this rule include organizations that:
- Regularly use or view credit reports
- Regularly advance funds to be repaid in the future through collateral or otherwise
- Provide information to consumer reporting agencies
What is the Rule?
Briefly put, the Red Flags Rule is that businesses that are impacted must create and implement a program designed to protect consumers and clients from identity theft. There are four main elements that must be included:
- Identify vulnerabilities and higher risk areas that may signal red flags
- Determine how to detect red flags among normal operations
- Act to prevent and reduce harm once red flags are found
- Update as needed through retraining and protocol changes
What Are “Red Flags”?
The red flags being mentioned fall into 5 different categories;
- Suspicious documents
- Unusual or suspicious activity from a covered account
- Suspicious identifying information
- Notifications, warnings or alerts from a consumer reporting agency
- Notices from clients, victims, law enforcement and others about possible cases of ID theft related to a covered account
Security Shredding NJ Can Help Avoid Seeing Red Flags
One way your organization can reduce its risk of needing to use its red flags protocol is by ensuring that sensitive information is disposed of in a safe and secure manner. Professional document shredding is one of the most effective ways to make sure that documents are disposed of in a manner in which the information is virtually non-recoverable.
Security Shredding NJ has been assisting organizations with secure document disposal for 20 years; our team has the experience and credibility to prove the quality of our services.
Talk to us today to find out more about our secure shredding services, as well as to discuss which services might work best for your business and needs.