Identity theft is a financial concern for all American families. In addition to our own personal identity theft, individuals who own a business may also be at significant risk for this financial crisis. If you are considering the start of your own business, or if you already own your own business, it is important to become familiar with the financial implications of business identity theft and find ways in which to prevent and protect your business from such an event.
The Federal Trade Commission (FTC) is now enforcing a regulatory requirement for businesses, commonly known as the Red Flags Rule of 2003. While the Rule was developed in 2003, it has only recently become one that is enforced by the FTC – requiring businesses to take specific steps to protect themselves against identity theft. While not all businesses are subject to the rule, many will be and your business may be especially targeted if you hold information that contains your client’s social security numbers and other financial information.
The FTC will require that your business develop a written plan that outlines the steps that will be taken to prevent identity theft of not only your business but also the steps to prevent identity theft of client information. Within that plan, it will be necessary that business owners outline how they will identify will such violations have taken place within their business and how their reporting and remedy plan will be established.
To accept a payment by credit card does not mean your business will be subject to the Red Flags Rule of 2003. If you are planning to accept credit card payments in your business, however, you will want to consider developing the identity theft protection plan as a way to safeguard your business interests should there ever be a report filed against you at the Federal Trade Commission, FTC.
Many organizations that specialize in the start of small businesses can provide you with information on what businesses are included in the new regulation with regard to the Red Flags Rule of 2003. Even if your business vertical or business industry is not listed within the guidelines from the FTC, you may still want to look at purchasing and establishing a business identity theft protection plan that includes data security and a written plan in compliance with the FTC regulations. In doing so, you can show a good-faith effort to safeguard your business and your clients’ personal information.
Sources: DVM360, May 2009, pg 54.