Second Quarter 2009

Subscribe to our email list

In this issue:

    • Federal Trade Commission Red Flag Rules
    • The Firm Welcomes Howard A. Matalon
    • Joseph S. Pecora becomes a Certified Information Privacy Professional
    • Hugs From Home

 

Federal Trade Commission Red Flag Rules:
Necessary Compliance Programs to Quell Identity Theft

The Federal Trade Commission (FTC) recently published regulations commonly referred to as the “Red Flag Rules.” Enforcement of those Rules was scheduled to take effect on May 1, 2009. However, on April 30, 2009 the FTC suspended enforcement until August 1, 2009. [1]

The Red Flag Rules implement certain aspects of the Fair and Accurate Credit Transactions Act (FACTA). FACTA is a federal law that amends the Fair Credit Reporting Act (FCRA) with various identity theft prevention provisions, and includes mechanisms to increase the accuracy of credit reporting.

The Rules apply to all “financial institutions” and “creditors” who maintain “covered accounts.” The Red Flag Rules are aimed at mitigating against the risk of identity theft.

What does this all mean to you? [2] It may mean that your business, even if it is not a “financial institution” or a “creditor” in the traditional sense, is covered by the Red Flag Rules, and you need to develop and implement a written identity theft management program. The FTC has recently been advising that the definition of “creditor” could encompass any business of any size that does not receive payment in full for its goods or services at the time of providing the same. If a business is deemed a “creditor” or “financial institution” dealing with “covered accounts,” then the business must comply with the regulations.

Trade associations on behalf of medical practitioners inquired about whether the definition of “creditor” applied to them. The FTC issued an article for business indicating, “[a]lthough you may not think of your practice [healthcare providers] as a ‘creditor’ in the traditional sense of a bank or mortgage company, the law defines ‘creditor’ to include any entity that regularly defers payments for goods or services or arranges for the extension of credit.”

Based on the FTC’s interpretation of the term “creditor,” if you bill for goods or services on account, you should examine whether you maintain “covered accounts.” A covered account is a consumer account primarily for personal, family, or household purposes that allows multiple payments or transactions or any other account with a reasonably foreseeable risk of identity theft.

The actions of the FTC also suggest that all businesses providing services or goods to individuals (or businesses where there is a risk of individual identity theft) and billing for those services or goods after-the-fact or over time should consider establishing a Red Flags Program.

The Red Flag Rules allow for flexibility in designing and implementing the system based upon your business. Thus, the administrative burden should not be tremendously difficult for most small businesses. The FTC has published at its website, a “How To” Guide concerning Red Flag Rule compliance.

Beyond the Red Flag Rules, certain businesses handling “personal information” (which is beyond the scope of this article) already have legal obligations to have written policies and administrative, technical, and security measures intact to comply with numerous state identity theft prevention statutes. Taking steps to ensure the privacy of your employees and customers is also good business practice that can now competitively differentiate your business from others. Therefore, dealing with compliance on these issues should not be viewed as a burden, but rather an opportunity. Should you need assistance in dealing with implementing any type of data privacy and/or information security compliance programs, please contact Joe Pecora at jpecora@olenderfeldman.com.

___________________________

[1] These Rules had previously been extended for a period of 6 months before the current 3 month extension. The Rules were published by the FTC and financial regulators. The FTC’s extension does not prevent other federal financial regulators with jurisdiction over certain regulated entities from enforcing the Rules.
[2] This article seeks to inform businesses that are not viewed as traditional “financial institutions.”

Howard A. Matalon joins the Firm as Partner

Howard Matalon focuses his practice in the areas of complex commercial litigation, intellectual property matters, employment related litigation, business and consumer fraud, restrictive covenant prosecution and defense, as well as whistleblower defense. In addition, Howard has experience in the design and implementation of sophisticated regulatory compliance programs and providing routine advice on compliance issues.

Howard earned his Bachelor of Arts from Brandeis University and his J.D. from Boston University School of Law. He is admitted to the New Jersey bar and Federal District Court, Third Circuit, Eighth Circuit and Ninth Circuit. He clerked for Supreme Court Justice Alan B. Handler and served on the District Ethics Committee, District VA in Essex County for four years. Howard was also on the Editorial Board of New Jersey Lawyer for eleven years.

Joseph S. Pecora, Jr. becomes a Certified Information Privacy Professional

We are proud to announce that Joe Pecora, Jr., has achieved Certified Information Privacy Professional (CIPP) accreditation. CIPP status is conferred by the International Association of Privacy Professionals (IAPP), widely recognized as the leading association of privacy professionals. The IAPP developed the first credentialing program to educate and certify individuals in the field of information security and privacy. To achieve the CIPP designation one has to be a member of IAPP, pass written Certification Foundation and U.S. Corporate Privacy Examinations, and maintain continuing education requirements.

Hugs From Home

In April OlenderFeldman joined Office Furniture Partnership in its third year of sending tubes filled with thoughtful gifts to the military troops overseas. From sunblock to magazines, more than 2,000 soldiers received these items as a message of thanks for all that they are doing. For more information, contact: karen@officefurniturepartnership.com

Be Sociable, Share!

OLENDERFELDMAN LLP IN THE NEWS

Businesses, Politicians Raise Red Flag on Google Glass (MSN, 5/20/2013)

Google Glass: Too Risky to Let Inside Your Business? (Inc.com, 5/7/2013)

Cyberattacks On Credit-Card Systems Rise (Crains New York, 5/1/2013)

Warning: Your Small Business May Have Already Been Hacked (Yahoo! Small Business, 4/25/2013)

Will my Husband's Business Card Debt Hurt my Credit After Divorce? (Fox Business, 4/25/2013)

What Are Your Rights As A Photographer? (TechHive, 4/13/2013)

Will Lawmakers Ban Google Glass? (Fox News, 3/27/2013)

Patent Trolls Pursue Midsize Companies (Information Week, 2/5/2013)

When Should You Provide Your Social Security Number? (State Farm's Fast Tracks, November, 2012)

Q&A: Protecting Your Name and Logo (Fox Business News, 7/23/2012)

E-Discovery: Your Data, Their Cloud, and the Law (HP.com, 7/2/2012)

How To Keep Your Facebook Profile Private Yet Usable (ReadWriteWeb.com, 6/29/2012)

Don't be Stupid With an Unwanted Smartphone (Fox Business News, 6/26/2012)

Is it safe to ditch your old smartphone? (Bankrate.com, 6/26/2012)

Big Brother Is Watching: Why Social Media Policies Make Good Business Sense (Workforce.com, 6/21/2012)

Five Things Every Social Media Policy Should Do (Workforce.com, 6/21/2012)

Experts: Do-Not-Track Proposal is Lacking (ReadWriteWeb, 6/4/2012)

Shopping Around Too Tiring? Use Smartphone (Fox Business News, 5/30/2012)

Smartphone shopping apps save time, money (Bankrate.com, 5/30/2012)

Are Frequent Shopper Cards Compromising Your Privacy? (YourSecurityResource.com, 5/9/2012)

Attorney: Judge’s landmark Facebook ruling means ‘Big employer is watching’ (RawStory.com, 5/9/2012)

Pondering Google Drive: Who owns your data in the cloud? (Techworld, 5/7/2012)

Google Drive Begs the Question: Who Owns Your Data in the Cloud? (CIO.com, 5/3/2012)

What Concerns Do Mobile Devices Present for Hedge Fund Managers, and How Should Those Concerns Be Addressed? (Part Three of Three) (Hedge Fund Law Report, 4/26/2012)

What Concerns Do Mobile Devices Present for Hedge Fund Managers, and How Should Those Concerns Be Addressed? (Part Two of Three) (Hedge Fund Law Report, 4/19/2012)

What Concerns Do Mobile Devices Present for Hedge Fund Managers, and How Should Those Concerns Be Addressed? (Part One of Three) (Hedge Fund Law Report, 4/12/2012)

RFID Technology Conjures 'Big Brother' Fears over Privacy (Rigzone, 2/6/2012)

How Pinterest Uses Your Content Without Violating Copyright Laws (ReadWriteWeb, 1/31/2012)

Vast Scope of Chanel Counterfeit Ruling May Render It Useless (TechNewsWorld, 12/1/2011)

Making money off your mistakes:' Meet the creator of 'stalker porn' (The Globe and Mail, 11/11/2011)

The Man Who Makes Money Publishing Your Nude Pics (The Awl, 11/10/2011)

Lawyers on IMDB suit: 'It's going to be an uphill fight' (Entertainment Weekly, 10/19/2011)