On January 1, 2011, after being pushed back multiple times, the Red Flag Rule (an amendment to FACTA) will finally go into effect, requiring every organization “that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft” to develop what it calls “reasonable policies and procedures for detecting, preventing, and mitigating identity theft.” The FTC says that the law will apply to an estimated 11 million organizations.
What is the "Red Flag" Rule?
The Red Flag Rule was promulgated by the Federal Trade Commission and other federal agencies charged with overseeing compliance with the Financial Services Modernization Act (GLB), the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA). It states that all financial institutions and others who are considered "creditors" must:
- Identify in writing the areas of their operation where the personal information of their clients is at risk of unauthorized access
- Develop written procedures to mitigate that risk
- Detect unauthorized access if or when it happens
- Periodically re-evaluate and update their Program
How do I comply?
- If you work for a bank, federally chartered credit union, or savings and loan, check with your regulatory agency for guidance. Otherwise, the FTC's booklet, Fighting Fraud with the Red Flags Rule: A How-To Guide for Business, has tips for determining if you are covered by the Rule.
- Every healthcare organization and practice must review its billing and payment procedures to determine if it's covered by the Red Flags Rule. Whether the law applies to you isn't based on your status as a healthcare provider, but rather on whether your activities fall within the law's definition of two key terms: "creditor" and "covered account".
The "Red Flags" Rule: What Health Care Providers Need to Know
- The Red Flags Rule gives you the flexibility to design an Identity Theft Prevention Program appropriate for your business, given its size and potential risk for identity theft. While some companies need a comprehensive Program, businesses and organizations at low risk for identity theft may find that a streamlined Program fits the bill. If you are at low risk for identity theft, this do-it-yourself Program may be sufficient.
Create your own Identity Theft Prevention Program: A Guided 4-step process
How can Polar Shredding help?
While Polar Shredding is not subject to the Red Flag Rule directly, we have provisions within our operations and Confidential Destruction Agreement to help our clients comply with their Red Flag Rule obligations:
- Polar Shredding is a member of NAID (National Association for Information Destruction). Therefore, we identify all areas of our operation where information transferred to our custody for processing is put at risk of unauthorized access. Our company's compliance with security measures specifically designed to mitigate these risks is verified through periodic announced and unannounced audits by accredited, authorized third-party security professionals.
- As a condition of employment, all Polar Shredding employees are required to notify management of any actual or potential unauthorized access to information transferred to our custody for processing. If such information is verified by management to constitute unauthorized access to information transferred to our custody, it is our policy to fully disclose to clients all relevant details in a timely manner and to reasonably cooperate in any subsequent investigation.
- The acceptance, transfer and processing of information transferred to our custody shall be documented and verified in writing, and such documentation shall be made available to the customer in the course of business upon request.
Data security plays an essential role in keeping people's sensitive information from falling into the wrong hands. Protect what you have a legitimate business reason to keep and securely dispose of what you no longer need. Our secure mobile shredding service provides you with consistent, reliable, and cost-effective shredding and ensures sensitive information is safeguarded and properly destroyed:
- We provide your offices with free lockable document disposal containers that prevent unauthorized access to sensitive information
- On a schedule that suits your needs, our bonded and insured shredding specialist securely shreds your information
- We provide you with a Certificate of Destruction: a third-party verification that your information was completely and confidentially destroyed in accordance with NAID specifications and Federal Regulations