Information on Red Flags Rule

The Federal Trade Commission has issued new rules for businesses on the protection of sensitive customer information. All mortgage brokers will have to comply with these new rules. These new rules basically require all “financial institutions” to implement written policies to detect, prevent, and mitigate instances of identity theft.

Here is a list of resources to help you make sure your company is in compliance.

For a good general overview of the new rules and examples of steps you can take in your office to comply please read the following documents put out by the FTC:

• FTC Facts for Business - Complying with the Safeguards Rule
• Business Identity Theft

The FTC has listed specific ways to dispose of consumer reports. This would include all credit reports. For more on what you should do read:

• Disposing of Consumer Report Info

Should you realize there has been a breach in your security and your customer’s personal information might be at risk, there are steps to follow. Read the following document for more information:

• FTC Facts - Risk of Identity Theft

The FTC has also created an online tutorial at www.ftc.gov/infosecurity.

If you would like to read the full text of the rule please visit: http://ftc.gov/os/fedreg/2007/november/071109redflags.pdf

The preamble to the rules (pages 63718-63752) provides guidance regarding the rationale behind the rules and the scope of coverage. The text of the FTC rules can be found at pages 63771-63773. The Guidelines (pages 63773-63774) provide compliance guidance and address a series of issues that covered entities must consider in developing their Identity Theft Prevention Program. The Supplement to the Guidelines (page 63774) provides a non-exhaustive list of 26 red flags that covered entities may wish to consider incorporating into their programs.