Home 
Municipal Government ‘Red flags rule’ takes effect June 1
Regulations requiring many municipalities to develop written programs to identify, detect and respond to identity theft activities take effect on June 1.
The regulations, known as the “red flags rule” (16 C.F.R. 681), were promulgated by the Federal Trade Commission pursuant to the Fair and Accurate Credit Transactions Act of 2003.
The rule applies to all municipalities that act as “creditors,” in that they provide services for which payment is deferred (such as for water, sewer and electric services). The “red flags rule” covers only what are considered voluntary transactional activities, so it does not apply to tax bills, parking tickets, fines and “flat-fee” utility bills.
The rule defines “red flags” as a “pattern, practice or specific activity that indicates the possible existence of identity theft.” The Federal Trade Commission has identified 26 examples of red flags, which are spelled out in the rule.
The required municipal program should identify relevant red flags, detect red flags, and respond appropriately to any red flags. The program must be updated periodically to reflect changes in the risk to customers.
A “creditor” municipality should report confirmed incidents of identity theft to local police and the FBI or Secret Service, under certain circumstances. Municipalities that do not comply face civil penalties of up to $3,500 per violation or an injunction.
The extent to which municipalities would be expected to comply when third parties, such as PayPal, are involved in processing transactions is unclear.
The red flags rule was originally supposed to take effect two years ago, but the Federal Trade Commission has delayed its implementation.
For more information, visit the Federal Trade Commission Web site.
• Identity Theft Prevention Program Compliance Model (56K PDF)
Municipal Government ‘Red flags rule’ takes effect June 1
‘Red flags rule’ takes effect June 1
Regulations requiring many municipalities to develop written programs to identify, detect and respond to identity theft activities take effect on June 1.
The regulations, known as the “red flags rule” (16 C.F.R. 681), were promulgated by the Federal Trade Commission pursuant to the Fair and Accurate Credit Transactions Act of 2003.
The rule applies to all municipalities that act as “creditors,” in that they provide services for which payment is deferred (such as for water, sewer and electric services). The “red flags rule” covers only what are considered voluntary transactional activities, so it does not apply to tax bills, parking tickets, fines and “flat-fee” utility bills.
The rule defines “red flags” as a “pattern, practice or specific activity that indicates the possible existence of identity theft.” The Federal Trade Commission has identified 26 examples of red flags, which are spelled out in the rule.
The required municipal program should identify relevant red flags, detect red flags, and respond appropriately to any red flags. The program must be updated periodically to reflect changes in the risk to customers.
A “creditor” municipality should report confirmed incidents of identity theft to local police and the FBI or Secret Service, under certain circumstances. Municipalities that do not comply face civil penalties of up to $3,500 per violation or an injunction.
The extent to which municipalities would be expected to comply when third parties, such as PayPal, are involved in processing transactions is unclear.
The red flags rule was originally supposed to take effect two years ago, but the Federal Trade Commission has delayed its implementation.
For more information, visit the Federal Trade Commission Web site.
• Identity Theft Prevention Program Compliance Model (56K PDF)
