To WISPA Members -- Please review the following message concerning the
FTC's new Red Flag Rules for identifying and combating identity theft.
Thanks.
Deadline Approaching for WISPs to
Establish Identity Theft Compliance Program
As businesses increasingly rely on technology to store and
maintain data, including customer records, the risk of identity theft
also is increasing. The Federal Trade Commission ("FTC"), together with
federal banking regulatory agencies and the National Credit Union
Administration, has adopted new regulations intended to combat identity
theft. Known as the Red Flag Rules, these new regulations require
financial institutions and creditors to develop and implement a written
identity theft prevention program to identify and combat identity theft
in connection with new and existing customer accounts.
If you are an operator that provides service in advance of payment, then
your company is a "creditor" because your company regularly extends,
renews or continues credit or defers payment for goods or services. The
Red Flag Rules apply to each "covered account," which is a customer
account involving multiple payments or transactions for which there is a
foreseeable risk of identity theft. By contrast, a single,
non-continuing transaction, where no ongoing relationship exists, is not
a covered account. The Red Flag Rules may also apply to some of your
business customers.
All companies subject to the Red Flag Rules are required to
implement a written customer protection program by November 1, 2008.
This program must be designed to detect a "red flag", which is a
pattern, practice or specific activity that indicates the possible
existence of identity theft. The FTC has identified five categories of
Red Flags and provided a list of examples of the types of red flags that
fall under each category. If you are providing interconnected voice or
VoIP services, the Red Flag compliance program can be combined with your
CPNI program required by the Federal Communications Commission's rules.
The customer protection program must include policies and
procedures for: (i) detecting warning signs or "Red Flags" of identify
theft, (ii) responding to any such Red Flags in a manner that will
prevent or mitigate the identify theft, and (iii) updating the Program.
The customer protection program must be managed by the Board of
Directors or senior employees of the company if there is no Board of
Directors. Also, the customer protection program must provide for staff
training and oversight of your company's service providers.
Rini Coran has prepared a set of Guidelines to help WISPs develop a
written customer protection program. These Guidelines are intended to
assist you in designing and maintaining a customer protection program
that satisfies the Red Flag Rules, and are available to WISPA members
for a nominal fee of $250.00. If you are interested in obtaining
further information about compliance with the Red Flag Rules and/or
CPNI, and would like to obtain a copy of these Guidelines, please
contact Steve Coran at 202.463.4310 or [EMAIL PROTECTED], or Lori
Tobin at 202.955.4116 or [EMAIL PROTECTED]
Stephen E. Coran
Rini Coran, PC
1615 L Street, N.W., Suite 1325
Washington, D.C. 20036
202.463.4310 - voice
202.669.3288 - cell
202.296.2014 - fax
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> - e-mail
www.rinicoran.com <http://www.rinicoran.com/>
www.telecommunicationslaw.com <http://www.telecommunicationslaw.com/>
CONFIDENTIALITY NOTE: This e-mail and any attachments are confidential
and may be protected by legal privilege. If you are not the intended
recipient, be aware that any disclosure, copying, distribution, or use
of this e-mail or any attachment is prohibited. If you have received
this e-mail in error, please notify us immediately by returning it to
the sender and deleting or destroying the e-mail and any attachments
without retaining any copies. Thank you for your cooperation.
IRS CIRCULAR 230 DISCLOSURE: To ensure compliance with requirements
imposed by the IRS, we inform you that any U.S. tax advice contained in
this communication (including any attachments) is not intended or
written to be used, and cannot be used, for the purpose of (i) avoiding
penalties under the Internal Revenue Code or (ii) promoting, marketing
or recommending to another party any matter addressed herein.
