Skip Navigation

Red Flag Finally Flies

Bookmark and Share

On November 1st, after being pushed back twice, the Red Flag Rule (amendment to FACTA) will finally go into effect, requiring every organization “that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft” to develop what it calls “reasonable policies and procedures for detecting, preventing, and mitigating identity theft.”  The FTC says that the law will apply to an estimated 11 million organizations. 

While all current data protection laws require organizations to have written data protection policies and procedures, the Red Flag Rule is specifically created to emphasize the importance regulators put on them.  This is good news for the secure destruction industry, since NAID’s own statistics show that organizations with written data protection procedures are twice as likely to outsource their destruction requirements as those without them.  

To help NAID Members respond to the estimated 11 million organizations that will need to comply with the law, NAID has produced a draft Red Flag contract clause and language to update member’s policies and procedures. To obtain the documents, members must complete the NAID Red Flag Rule Release. NAID has also stepped up training on the use of the Compliance Toolkit for members looking to capitalize on the opportunity created by the imminent effective dates of the Red Flag Rule and HITECH.