Overly on Security

About this Blog:

The legal side of security.

Michael Overly

Red Flag Rules and Vendor Relationships


August marks the month for businesses to implement identity theft programs to comply with the Fair & Accurate Credit Transactions Act of 2003. Specifically, Title 16 of the Code of Federal Regulations (CFR) Part 681 requires all financial institutions and creditors to establish a written program to detect, prevent and mitigate identity theft. “Identity theft” is defined as a fraud committed or attempted using the identifying information of another person without authority (see 16 CFR 603.2(a)). The FTC has advised that high-risk entities should have more elaborate programs, while low-risk entities could have streamlined and less complex programs. In creating their programs, all entities are encouraged to give due regard to specific guidelines provided in an appendix to Part 681.

In addition to their own programs, businesses should not neglect their vendors and suppliers who may have access to “identifying information” (i.e., any name or number that may be used, alone or in conjunction with any other information, to identify a specific person). Those vendors and suppliers should also have appropriate identity theft programs in place. To ensure compliance, smart businesses are now requiring such entities to warrant that they will have a compliant program in place at all times during their relationship. A basic warranty should include the following:



With regard to the data received from Company and its customers hereunder, Vendor shall establish and maintain an identity theft program compliant with Title 16 of the Code of Federal Regulations (“CFR”) Part 681 (Identity Theft Rules), including giving due consideration to the Guidelines provided in Appendix A thereto. Among other things, such program shall be designed to identify, detect, and respond to Red Flags, as defined in Section 681.1. Vendor shall promptly notify Company in writing if it becomes aware of any attempted or successful identity theft, as defined in 16 CFR 603.2(a), in connection with its performance of this Agreement.

