Red Flags Or No Red Flags, Businesses Need To Act

The FTC may imply that part of the latest Red Flags enforcement delay is to await clarification which pending legislation may bring, but the reality is that the legislation is purely an appropriation consideration not an appropriateness one! In other words – for the pending legislation to consider whether or not certain potential indicators of data fraud in the workplace ought to require attention or not begs the question. Of course they should! The real issue is whether the needed attention can be afforded.
According to the Privacy Rights Clearinghouse’s infamous “chronology of data breaches,” over 300 million data breaches have taken place between April 20, 2005 (the date it began tracking breaches) and the time of this writing. www.privacyrights.org Assuredly, if any of the victims of those millions of data breaches were asked if their data was less worthy of protecting than others the answer would be NO!
The Red Flags Rule, as it’s commonly known, is designed to ensure that entities that extend credit detect, prevent and reduce cases of identity theft under penalty of fines. http://www2.timesdispatch.com/rtd/business/local/article/B-FLAG29_20100528-221006/347604/
Originally passed in 2008, the FTC just announced that enforcement of its Red Flags Rule is yet again delayed – this time allowing compliance through December 31, 2010. http://tampabay.bizjournals.com/tampabay/stories/2010/06/07/story7.html
The pending legislation will determine if it ought to extend to workplaces with fewer than 20 employees, but common sense would tell us that protection from identity theft ought to be extended to all. If common sense dictates that, then, Red Flags or no Red Flags, all businesses ought to do everything they can to protect data on their own – for even if applicability is decided, monies to assist may or may not be attached. http://www.ftc.gov/bcp/edu/microsites/redflagsrule/RedFlags_forLowRiskBusinesses.pdf

By Sue B Martines, J.D.