Skip Navigation

The FTC To Enforce Tighter Information Controls

Bookmark and Share

Data security legislation may be in low gear in Congress this year, but the Federal Trade Commission is on the case, and that could mean trouble for lax companies.

"The FTC has stepped into the void," says an FTC official in a recent speech. "And every proposal for comprehensive legislation has the FTC playing an important role."

For one thing, the commission is now finalizing its "I.D. Theft Red Flags Rule," requiring that companies spot and address identity theft risks. Proposed under the Fair and Accurate Credit Transactions Act, it would implement statutory provisions requiring each financial institution and creditor to have a risk-based written I.D. theft prevention program.

Further, the FTC has also announced it will be aggressively pursuing companies for allowing security breaches to occur or for not having protections in place.

NAID is in regular contact with the FTC on these issues and will be providing more detailed information on these developments. And, while NAID is still optimistic that a strong, comprehensive national destruction law will eventually emerge, the I.D. Red Flag Rules and the more aggressive enforcement will no doubt provide another strong selling opportunity for the industry in the coming months.

The bottom line is that the FTC’s continued interest in turning up the heat is because there has been no progress in stemming the problem of I.D. Theft. The FTC continues to receive 15,000-20,000 I.D. Theft complaints a week.