Dozier Internet Law: November 1 Drop Dead Date for Compliance with New FTC ID Theft Rules

Dozier Internet Law today issued a special advisory notice relating to the new Federal Trade Commission requirements for creditors set to go into effect on November 1, 2008. This is the date of compliance-which means that if you are an online business extending credit you may be covered under the law.   

These new rules mandate the development and implementation of a written program that identifies and detects "red flags" of identity theft.  The program must also describe appropriate responses that would prevent or mitigate the crime and detail a plan to update the program, must be managed by senior employees, and must include oversight provisions for contractors and third party service providers. The program documentation and business process needs to be reasonable given the nature of an online business, but this is an objective reasonableness. In other words, a small business owner's subjective thoughts of what is reasonable is not the measure of adequacy or compliance.

Dozier Internet Law provides coverage advice and assists in the drafting, documentation, and implementation of the processes required by these new rules. It is essential that if your online business takes credit card payments or otherwise extends, renews, continues, or receives through assignment credit commitments you have a qualified attorney determine if your business is covered by these "Red Flag" rules. While many of the indications of identity theft are already used by businesses to avoid credit losses, the key to compliance with the Federal Trade Commission rules, and avoiding prosecution, civil fines, and potentially devastating publicity that cuts to the core of a small business'  customer relationships, is to document reasonable processes in a formalized manner.