Leadership / Management | Technology & Social Media

Identity theft: Do you know the ‘red flags?’

IDtheft It's time to get serious about identify theft.

That's the take of the Federal Trade Commission, anyway. The FTC has implemented what's commonly know as the "Red Flag Rule." The rule requires many businesses -- and yes, for the time being, that includes CPA firms -- to enact policies that will, in the FTC's own words, "detect the warning signs –- or 'red flags' –- of identity theft in their day-to-day operations."

The rule isn't new; the federal legislation that led to the rule was passed in 2003. But there are a few pieces of timely information that you need to know.

The first is the implementation date: The deadline to comply currently stands at Nov. 1, 2009.

  • UPDATE: The FTC has delayed the enforcement deadline for its "Red Flags Rule" until June 1, 2010. Get details here.

The second is this: The profession is working to convince regulators that CPAs should be exempt from the rule "based on the fact that CPAs are already required, through state laws, professional codes of conduct and IRS regulations, to maintain client confidentiality such that identity theft is very unlikely." That's a direct quote from the AICPA's Information Technology Center. Details on that effort will be made available as warranted.

The third piece of information is ... well, information.

The AICPA has put together an impressive set of resources related to the rule and identity theft in general. It includes:

Particularly interesting is "A CPA's Guide to Creating an Identity Theft Prevention Program," which outlines "the four basic steps to designing a program" to comply with the rule:

  1. Identify relevant red flags.
  2. Detect red flags.
  3. Prevent and mitigate identity theft.
  4. Update the program periodically.

The guide offers advice on how to complete each step. Read it in its entirety, then check out the rest of the information in the AICPA's identity theft resource center.

I'm working on a related podcast that features an interview with Dr. Marilyn Prosch, an associate professor in the Department of Information Systems Management at Arizona State University. Technical glitches and scheduling SNAFUs have delayed that podcast a bit, but keep an eye on this space; I'll be posting a link to the podcast soon.

In the meantime, keep your other eye peeled for those red flags. The FTC expects nothing less.


Bill Sheridan