Privacy Issues in the Workplace

D. E MPLOYER ’ S O BLIGATION TO P REVENT I DENTITY T HEFT The Fair and Accurate Credit Transactions Act require that all “creditors” (including local government agencies that defer payments for goods or services) have policies and procedures in place to help prevent identity theft. 1. S ECTION 114 OF THE FACT A CT Section 114 of the Act requires that each “creditor” that offers or maintains “covered accounts” develop and implement an Identity Theft Prevention Program (ITPP) for combating identity theft in connection with new and existing accounts. a. Complying with the Red Flags Rules To comply with the new FACT Act regulations, known as the Red Flags Rules, entities will be required to provide for the identification, detection, and response to patterns, practices, or specific activities (“red flags”) that could indicate identity theft in their identity theft prevention programs. The Red Flags Rules apply to “creditors” with “covered accounts.” Under the Red Flags Rules, creditors must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Board of Directors or senior employees of the creditor, include appropriate staff training, and provide for oversight of any service providers. A “creditor” includes government entities which defer payment for goods or services (for example, payment for utilities or payment plans for parking tickets). “Deferring payments” refers to postponing payments to a future date and/or installment payments on fines or costs. A “covered account” is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts. A covered account includes an account for which there is a foreseeable risk of identity theft – for example, small business or sole proprietorship accounts. b. What are Red Flags? The Red Flags Rules provide all creditors the opportunity to design and implement a program (ITPP) that is appropriate to their size and complexity, as well as the nature of their operations. The Federal Trade Commission has identified 26 examples of red flags. These red flags are not a checklist, but rather, are examples that creditors may want to use as a starting point. The 26 red flags fall into five categories:

1) Alerts, notifications, or warnings from a consumer reporting agency (for example, a fraud alert included with a consumer report);

Privacy Issues in the Workplace ©2019 (s) Liebert Cassidy Whitmore 121