Monday, April 13, 2009

ID Theft Red Flags Rule: Are You Ready for May 1? Part 1

Are businesses profiting from the process of establishing their identity theft response program? With the May 1st deadline fast approaching I found an article today that bears noting.

At a recent conference, an executive from a large creditor company told Betsy Broder, Assistant Director, Division of Privacy and Identity Protection at the Federal Trade Commission.
"This Red Flags rule was one of the best business exercises that his company had been through in years." The entire program's development forced the creditor to approach this issue in a much more logical, structured way, so that it now has one document that captured all of the company's fraud detection and response programs. "It made them approach it in a more holistic fashion," Broder says. "For that reason alone, they thought it was a beneficial exercise for them to go through."

I have written numerous pieces here and in other publications about the various benefits of having such a program. Companies can benefit in a number of ways from a culture shift as mentioned above, but also by training. At Taylor and Associates we focus on the benefit to the staff by providing a solid education of identity theft so they can better understand what we mean by identity theft. Not only what we see on television and the newspaper, but also the less understood and potentially more dangerous aspects of the crime. With this increased understanding employees are more apt to be proactive and protective with the files and information they handle on the job. Once armed with the knowledge of how identity theft can affect them and their families the more effective they are in joining the solution to combat identity theft.

These programs should be individually designed to bring each company into compliance with the law, but also to create the “culture of security” the FTC is trying to establish. This is most effective when management is committed to making the program work, and that all staff has been thoroughly oriented on their roles in implementing the program. Add to that the component of vendor oversight and you will have a healthy approach and response to the threat of data loss.

Tomorrow I will visit more of this article as we prepare to meet that May 1st deadline.

No comments: