Will the new "Red Flag Rules" help curb data breaches & Identity theft?

Menacing headlines such as the recent Countrywide data theft continue to alarm and inform us to the ever growing presence of data theft.

With news of corporate data breaches hitting the papers every day it's clear criminals continue to find ingenious ways to skim, steal or hack whatever bits of information they can from large or small data bases or from our own rubbish, computer, wallet including the thing we most take for granted- our own identities!

The best defense -is a great offense! The truth is, knowledge is power and 
when it comes to a data breach or identity theft -what you don't know can 
and will most definately hurt you.

Business files contain a treasure trove of personal information for identity
thieves; names,addresses, mothers' maiden names, insurance information, 
social security numbers, credit card and bank account information. 

This information is as good as gold to a potential thief. Employers may be 
being held liable for identity theft that occurs in the workplace and companies
must be prepared to defend the procedures they've adopted to protect the
personal data stored in their files.

Taking the necessary precautions to protect your data and your employees 
before a theft occurs, will go a long way towards minimizing the likelihood of 
identity theft, lessen the impact if one happens, and limit your liability when 
data breach occurs. 

It's so crucial to educate employees on what they should be on the look out for,
 what they need to report and what steps they should take to secure data and 
avoid fraud. Employees who have access to sensitive information, should be 
given the tools they need to guard it. If you arm your employees with the 
appropriate resources and sufficient guidance and information, they can be
your most valuable allies in preventing fraud-related losses.

The thing is, when it comes to identity theft or data breaches, the last thing 
any business wants to see is their name in the headlines! 

To help curb the long list of data breaches, the Federal Trade Commission,
the Federal Reserve, the National Credit Union Administration and other 
financial regulators in the United States are "phasing in" what they call, the
Red Flag Rules -this year.

These rules mandate financial institutions and creditors set up and enforce 
written plans for identifying "red flag" transactions that could indicate identity
theft or fraud. The law became effective January 1, 2008, and full compliance
must be met by November 1 this year, which is not too far way. 
Here is a short summary;

Red Flag Rules

The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft and enable a financial institution or creditor to:

1. Identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags into the Program;
   
2. Detect red flags that have been incorporated into the Program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
4. Ensure the Program is updated periodically to reflect changes in risks from identity theft.

The final rules also require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address that is followed closely by a request for an additional or replacement card. In addition, the final rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency.