Red Flag Rule requires many businesses to implement information security plan by Nov. 1

An Elgin identity theft consultant is alerting local businesses that the time for complying with the Red Flag Rule is running short.

Shea, who lives in rural Elgin and works with IDCure, a company specializing in identity theft solutions, said this week he has been going door-to-door in an effort to tell companies about the federal rule, which takes effect Nov. 1, 2008.

“Many people just don’t know about it,” Shea said. “The Federal Trade Commission has done a terrible job notifying people. Not many around here have even heard  of it.”

The Red Flag Rule is an amendment to the Fair and Accurate Credit Transaction Act, sometimes known as FACT.

 The rule states that any company which deals with a financial product or has a credit-based relationship with their customers must have a written information security plan in place by Nov. 1, 2008.

Businesses subject to the rule include but aren’t limited to those in the financial, health care, insurance, automotive and mortgage industries. The rule applies as well to vendors that serve companies.

“It’s anybody who houses information about people,” said Shea. “Any business that is concerned about the possibility of an information breach should be as pro-active in learning as much as they can.”

Shea said that companies of every size, in every industry, have suffered information breaches.

According to Shea, companies who do not comply with the Red Flag Rule could be subject to heavy penalties if an information breach occurs. The penalties  might well go beyond those imposed by authorities.

Shea said fines and civil penalties are up to $1,000 per breached customer record, per day. In addition, class action lawsuits holding executives personally and financially responsible could result.

“The fines become devastating very quickly, and can be an end- of-life event for a small to medium business,” Shea said.

Shea said identity theft, committed by people outside a company and other times by people on the inside, continues to as one of the country’s fastest growing crimes.

No matter what steps a company takes to prevent it, there is always a chance it will occur.

“You can’t really prevent this. All you can do is prepare for it,” Shea said.

A company who has complied with the Red Flag Rule and written a program will fare much better with the government than one that has not, he added.

“If you have safeguards, they can’t levy the high fines, because you took the steps to mitigate it,” he said.

Shea offers training and products designed to deal with identity theft and help companies comply with the new Red Flag rules.

He said he is as much concerned with alerting local companies of the need to comply with the new rules, as he is with selling products.

“I think it’s important people know about this,” he said.

Shea can be reached at 1-541-379-4885.