As discussed in Issue No. 115 of The GPMemorandum (Jan. 21, 2009), the new federal “Red Flags Rule” requires certain businesses to establish written programs to detect, identify, and respond to signs of possible identity theft. The rule is aimed at reducing identity theft by making it more difficult for thieves to use stolen identity information to purchase goods or services. Enforcement by the Federal Trade Commission was set to begin November 1, 2009, but has now been delayed (again) until June 1, 2010. http://www.ftc.gov/opa/2009/10/redflags.shtm
Application of the Red Flags Rule. The Red Flags Rule applies to “creditors” with “covered accounts.” Businesses are considered “creditors” under the rule if they regularly extend credit, for example, by deferring payments owed, by allowing purchase of items on credit, or by arranging or providing financing. Under the rule, however, businesses are required to have a written identity theft program only if they have “covered accounts,” which include accounts with individuals for personal or household purposes or any accounts that have risk of identity theft. The FTC has issued guidance to assist in evaluating whether a franchisor is subject to the Red Flags Rule: http://www.ftc.gov/bcp/edu/pubs/articles/art14.shtm
In some franchise systems, while the franchisor may not be subject to the rule, the franchisees are covered (for example, franchise businesses that provide services on Net 30 payment terms). The FTC recently issued a “do-it-yourself” Identity Theft Prevention Program for use by companies that have a low risk of identity theft, and this online tool may be useful for franchisees covered by the rule: http://www.ftc.gov/bcp/edu/microsites/redflagsrule/get-started.shtm
Compliance with the Red Flags Rule. If a business has covered accounts, the rule requires it to develop a written program to detect, prevent, and mitigate identity theft by noting “Red Flags” indicating possible theft. The warning signs may include forged or altered photo identifications or documents, invalid Social Security numbers, the use of an account that has been inactive for a long period, or signals of possible identity theft discovered during a credit check, such as fraud alerts, address discrepancies, and credit freezes. The rule is flexible in that the compliance programs should be tailored to the nature and risk of the business.
The information contained in this post is provided to alert you to legal developments and should not be considered legal advice. It is not intended to and does not create an attorney-client relationship. Specific questions about how this information affects your particular situation should be addressed to one of the individuals listed. No representations or warranties are made with respect to this information, including, without limitation, as to its completeness, timeliness, or accuracy, and Lathrop GPM shall not be liable for any decision made in connection with the information. The choice of a lawyer is an important decision and should not be based solely on advertisements.
About this Publication
The Franchise Memorandum is a collection of postings on summaries of recent legal developments of interest to franchisors brought to you by Lathrop GPM LLP.
To subscribe to monthly emails for The Franchise Memorandum, please click here.