Second Quarter 2009
In this issue:
- Federal Trade Commission Red Flag Rules
- The Firm Welcomes Howard A. Matalon
- Joseph S. Pecora becomes a Certified Information Privacy Professional
- Hugs From Home
Federal Trade Commission Red Flag Rules:
Necessary Compliance Programs to Quell Identity Theft
The Federal Trade Commission (FTC) recently published regulations commonly referred to as the “Red Flag Rules.” Enforcement of those Rules was scheduled to take effect on May 1, 2009. However, on April 30, 2009 the FTC suspended enforcement until August 1, 2009. 
The Red Flag Rules implement certain aspects of the Fair and Accurate Credit Transactions Act (FACTA). FACTA is a federal law that amends the Fair Credit Reporting Act (FCRA) with various identity theft prevention provisions, and includes mechanisms to increase the accuracy of credit reporting.
The Rules apply to all “financial institutions” and “creditors” who maintain “covered accounts.” The Red Flag Rules are aimed at mitigating against the risk of identity theft.
What does this all mean to you?  It may mean that your business, even if it is not a “financial institution” or a “creditor” in the traditional sense, is covered by the Red Flag Rules, and you need to develop and implement a written identity theft management program. The FTC has recently been advising that the definition of “creditor” could encompass any business of any size that does not receive payment in full for its goods or services at the time of providing the same. If a business is deemed a “creditor” or “financial institution” dealing with “covered accounts,” then the business must comply with the regulations.
Trade associations on behalf of medical practitioners inquired about whether the definition of “creditor” applied to them. The FTC issued an article for business indicating, “[a]lthough you may not think of your practice [healthcare providers] as a ‘creditor’ in the traditional sense of a bank or mortgage company, the law defines ‘creditor’ to include any entity that regularly defers payments for goods or services or arranges for the extension of credit.”
Based on the FTC’s interpretation of the term “creditor,” if you bill for goods or services on account, you should examine whether you maintain “covered accounts.” A covered account is a consumer account primarily for personal, family, or household purposes that allows multiple payments or transactions or any other account with a reasonably foreseeable risk of identity theft.
The actions of the FTC also suggest that all businesses providing services or goods to individuals (or businesses where there is a risk of individual identity theft) and billing for those services or goods after-the-fact or over time should consider establishing a Red Flags Program.
The Red Flag Rules allow for flexibility in designing and implementing the system based upon your business. Thus, the administrative burden should not be tremendously difficult for most small businesses. The FTC has published at its website, a “How To” Guide concerning Red Flag Rule compliance.
Beyond the Red Flag Rules, certain businesses handling “personal information” (which is beyond the scope of this article) already have legal obligations to have written policies and administrative, technical, and security measures intact to comply with numerous state identity theft prevention statutes. Taking steps to ensure the privacy of your employees and customers is also good business practice that can now competitively differentiate your business from others. Therefore, dealing with compliance on these issues should not be viewed as a burden, but rather an opportunity. Should you need assistance in dealing with implementing any type of data privacy and/or information security compliance programs, please contact Joe Pecora at firstname.lastname@example.org.
 These Rules had previously been extended for a period of 6 months before the current 3 month extension. The Rules were published by the FTC and financial regulators. The FTC’s extension does not prevent other federal financial regulators with jurisdiction over certain regulated entities from enforcing the Rules.
 This article seeks to inform businesses that are not viewed as traditional “financial institutions.”
Howard A. Matalon joins the Firm as Partner
Howard Matalon focuses his practice in the areas of complex commercial litigation, intellectual property matters, employment related litigation, business and consumer fraud, restrictive covenant prosecution and defense, as well as whistleblower defense. In addition, Howard has experience in the design and implementation of sophisticated regulatory compliance programs and providing routine advice on compliance issues.
Howard earned his Bachelor of Arts from Brandeis University and his J.D. from Boston University School of Law. He is admitted to the New Jersey bar and Federal District Court, Third Circuit, Eighth Circuit and Ninth Circuit. He clerked for Supreme Court Justice Alan B. Handler and served on the District Ethics Committee, District VA in Essex County for four years. Howard was also on the Editorial Board of New Jersey Lawyer for eleven years.
Joseph S. Pecora, Jr. becomes a Certified Information Privacy Professional
We are proud to announce that Joe Pecora, Jr., has achieved Certified Information Privacy Professional (CIPP) accreditation. CIPP status is conferred by the International Association of Privacy Professionals (IAPP), widely recognized as the leading association of privacy professionals. The IAPP developed the first credentialing program to educate and certify individuals in the field of information security and privacy. To achieve the CIPP designation one has to be a member of IAPP, pass written Certification Foundation and U.S. Corporate Privacy Examinations, and maintain continuing education requirements.
Hugs From Home
In April OlenderFeldman joined Office Furniture Partnership in its third year of sending tubes filled with thoughtful gifts to the military troops overseas. From sunblock to magazines, more than 2,000 soldiers received these items as a message of thanks for all that they are doing. For more information, contact: email@example.com