The Red Flags Rule [PDF]
The Red Flags Rule: Frequently Asked Questions
The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program to detect the warning signs — or “red flags” — of identity theft in their day-to-day operations. The staff of the Federal Trade Commission (FTC) has heard from companies across the country that are developing Programs. Their questions — and the FTC’s answers — may help you develop a Program for your business.
These FAQs relate only to the Red Flags Rule and don’t address the applicability of other laws. If you work for a bank, federally chartered credit union, or savings and loan, check with your federal regulatory agency for guidance. The FAQs represent the opinions of the FTC staff, and aren’t binding on the Commission. FTC staff will update these FAQs to address new questions from businesses.
Who Must Comply with the Red Flags Rule
How To Comply: A Four-Step Process
Updates at the FTC
Agencies Issue Frequently Asked Questions on Identity Theft Rules
Complete Text of the Red Flags Rule
FTC Will Grant Six-Month Delay of Enforcement of ‘Red Flags’ Rule
Agencies Issue Final Rules on Identity Theft Red Flags and Notices of Address Discrepancy
Additional Information at the FTC
Letter from Chairman Jon Leibowitz to Nydia M. Velazquez, Chairwoman, Committee on Small Business, United States House of Representatives (May 26, 2009) [PDF]
Letter from Division of Privacy & Identity Protection to Margaret Garikes (Mar. 11, 2009) [PDF]
Letter from AMA Director of Federal Affairs Margaret Garikes to Chairman William Kovacic (Feb. 23, 2009) [PDF]
Letter from Bureau of Consumer Protection Concerning Applicability of the Red Flags Rule to Health Care Providers (Feb. 4, 2009) [PDF]
Letter from AMA Director of Federal Affairs Margaret Garikes to Chairman William Kovacic (Sept. 30, 2008) [PDF]