Resources on this site can help business people educate their staff and colleagues about complying with the Red Flags Rule.
All businesses including landlords and property management companies need to be aware of the state and federal laws determine their duties and which govern their relationship with their clients, tenants and applicants. If you take payments by credit card, or pull a credit report to as part of your tenant screening/application process you are required by the Red Flag Rule to take other reasonable steps to determine if the person matches the information you gather, or is attempting to steal someone’s identity. You must also take steps to protect the confidential information you obtain.
What compliance is required by you? Your Identity Theft Prevention Program is a "playbook" that must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. Your Program should enable your organization to:
- identify relevant patterns, practices, and specific forms of activity — the "red flags" — that signal possible identity theft;
- incorporate business practices to detect red flags;
- detail your appropriate response to any red flags you detect to prevent and mitigate identity theft; and
- be updated periodically to reflect changes in risks from identity theft.
The FTC and the federal financial agencies have issued Frequently Asked Questions and answers to help businesses comply with the Rule.
Who Must Comply with the Red Flags Rule?The Rule requires "financial institutions" and "creditors" that hold consumer accounts designed to permit multiple payments or transactions -- or any other account for which there is a reasonably foreseeable risk of identity theft -- to develop and implement an Identity Theft Prevention Program for new and existing accounts. The definition of "financial institution" includes all banks, savings associations, and credit unions, regardless of whether they hold a transaction account belonging to a consumer; and anyone else who directly or indirectly holds a transaction account belonging to a consumer.
A change in the law on December 18, 2010 amended the the definition of "creditor," and limits the circumstances under which creditors are covered. The new law covers creditors who regularly, and in the ordinary course of business, meet one of three general criteria. They must:
- obtain or use consumer reports in connection with a credit transaction;
- furnish information to consumer reporting agencies in connection with a credit transaction; or
- advance funds to -- or on behalf of -- someone, except for funds for expenses incidental to a service provided by the creditor to that person.
Bottom line: take all steps necessary to protect the personal identification information you use or gather.