Latest Video
[CaRP] Database error while checking when the cache was last updated.
[CaRP] Database error attempting to check cache update time.
[CaRP] Failed to access database cache record.
[CaRP] Database error attempting to retrieve cache record.
Newsfeed display by CaRP
Latest Blog Post
[CaRP] Database error while checking when the cache was last updated.
[CaRP] Can't open remote newsfeed [500].
[CaRP] Database error attempting to retrieve cache record.
Newsfeed display by CaRP
News for Consumers
[CaRP] Database error while checking when the cache was last updated.
[CaRP] Database error attempting to check cache update time.
[CaRP] Failed to access database cache record.
[CaRP] Database error attempting to retrieve cache record.
Newsfeed display by CaRP
About the Red Flags Regulations
The Federal Trade Commission's new rules on identity theft, known as "Red Flags Rules," require financial institutions, utilities, and other creditors to set up programs aimed at preventing identity theft. Because of the definition of "creditor" in these rules, many municipalities may be affected. Joint rules and guidelines were issued by the Department of the Treasury's Office of the Comptroller of the Currency (OCC) and Office of Thrift Supervision (OTS), the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Federal Trade Commission (FTC or Commission). They implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). The joint final rules and guidelines were effective January 1, 2008. The mandatory compliance date for this rule is November 1, 2008. The FTC will grant six-month delay (until May 1, 2009) of enforcement of the 'red flags' rule requiring creditors and financial institutions to have identity theft prevention programs. See FTC News Release, October 22, 2008.
MRSC is providing information developed by several of the state municipal leagues on the compliance measures, as well as the FTC regulations. The University of Tennessee's Municipal Technical Advisory Service (MTAS) and the Tennessee Association of Utility Districts have prepared model documents that are linked below. Before adopting any model provisions, it is strongly recommended that Washington local governments consult with their attorneys. When sample policies are received from Washington municipalities, they will be posted here.
Federal Trade Commission Regulations
- Agencies Issue Final Rules on Identity Theft Red Flags and Notices of Address Discrepancy - FTC
- New ‘Red Flag’ Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft - June 2008;
Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, published November 9, 2007The rules implementing section 114 require each financial institution or creditor to develop and implement a written Identity Theft Prevention Program (Program) to detect, prevent, and mitigate identity theft in connection with the opening of certain accounts or certain existing accounts. In addition, the Agencies are issuing guidelines to assist financial institutions and creditors in the formulation and maintenance of a Program that satisfies the requirements of the rules. The rules implementing section 114 also require credit and debit card issuers to assess the validity of notifications of changes of address under certain circumstances. Additionally, the Agencies are issuing joint rules under section 315 that provide guidance regarding reasonable policies and procedures that a user of consumer reports must employ when a consumer reporting agency sends the user a notice of address discrepancy.
- Federal Trade Commission, The FTAC Act - Overview: An Overview of the Final Rulemaking on Identity Theft Red Flags and Address Discrepancies (
100 KB), Pavneet Singh and Tiffany George, Attorneys for Division of Privacy and Identity Protection, Federal Trade Commission
- The “Red Flags” Rule: What Utility Companies Need to Know About Complying with New Requirements for Fighting Identity Theft (106 KB), by Tiffany George and Pavneet Singh, Federal Trade Commission, January 2009
Information from Washington State Local Governments and Organizations
- Memo to All Cities ( 316 KB) from Kristin N. Eick and Phil A. Olbrechts, Ogden Murphy Wallace, October 20, 2008 Re FACTA Red Flag Guidelines and Sample Program
- Washington Association of Sewer and Water Districts - Note each utility should review these documents with their attorney
- Identity Theft Program ( 2 MB) - A memo explaining the purpose and requirements of the Red Flags Rule as promulgated by the Federal Trade Commission
- Memo ( 193 KB) From Inslee Best to Washington Association of Sewer and Water Districts, October 7, 2008 - Compliance with FACTA Red Flags Rule; Preparation, Adoption, and Implementation of the Identity Theft Program by November 1, 2008
- Sample Resolution Approving and Adopting an Identity Theft Program ( 60 KB)
- Red Flags Rule Identity Theft Prevention Program Workshop ( 94 KB) - Notice of workshop held October 14, 2008, by The Washington Association of Sewer and Water Districts and through the generosity of Northshore Utility District and the Law Firm of Inslee, Best, Doezie & Ryder, P.S. for general and financial management staff of water-sewer districts.
- Identity Theft Program (
Washington Local Government Examples
- Bothell Resolution No. 1231( 67 KB) - Adopts an indentity theft program, 4-08-09
- Clark County PUD Resolution No. 6889 ( 195 KB) - Adopts an identity theft program and delegates program administration to the general manager, passed 10-08
- Ellensburg Resolution No. 2008-40 ( 314 KB) - Adopts the Ellensburg identity theft program, 11-17-08
- Issaquah Resolution No. 2009-04 ( 34 KB) - Adopts an indenty theft prevention program, 4-0-09
- La Center Resolution No. 08-303 ( 300 KB) - Adopts identity theft prevention program for use by city sewer utility, passed 10-22-08
- Friday Harbor Resolution No. 1681 ( 32 KB) - Adopts an identity theft prevention program; program included, passed 11-08
- Lake Forest Park Ordinance No. 997 (Draft) (132 KB) - Council agenda item meeting of 4-23-09
- Port Angeles Resolution No.16-08 ( 496 KB) - Adopts program to prevent identity theft, passed 10-08
- Sequim Resolution No. 2008-27 ( 45 KB) - Adopts an identity theft policy, passed 11-08
- Yakima Resolution No. 2009-08 ( 392 KB) - Adopts program to prevent identity theft, passed 1-20-09
Information from State Municipal Leagues and Organizations Including Model Policies
- California Society of Municipal Finance Officers - "Red Flag" Identity Theft Program - Documents - Includes Roseville, CA
- Kentucky League of Cities - Red Flag Rules for Municipal Utilities - Contains sample identity theft policy and sample ordinance prepared by Georgia Municipal Association
- North Carolina Municipal League - Memo RE: Identity Theft Prevention Programs/Red Flag Rules ( 198 KB) - Important Information on New Federal Requirements for Municipalities, Memo to Managers, Administrators, Clerks, Attorneys, Finance Officers, from Andrew L. Romanet, Jr., General Counsel, and John M. Phelps, II, Senior Assistant General Counsel, September 4, 2008
- Oklahoma Municipal League
- Municipal Policy Review, Red Flags: Identity Theft Prevention ( 46 KB), July 23, 2008
- Municipal Policy Review, Red Flags: Identity Theft Prevention (
- Municipal Association of South Carolina - The Red Flag Rules (
118 KB), prepared by Stephanie O’Cain, CFO-MASC, September 3, 2008
- Tennessee Municipal Technical Advisory Service (MTAS) - Model Identity Theft Policy and FACTA Compliance, by Josh Jones, MTAS Legal Consultant
- West Virginia Municipal League - Federal-Identity-Theft-Prevention-Requirements
- Out-of State Local Government Examples
- Cottage Grove, Oregon - Resolution Adopting an Identity Theft Prevention Program (Staff Report by Finance Director Bert McClintock), October 13, 2008 Council Agenda
- Palo Alto, California - Draft Resolution - Approving customer identification and credit information protection program in Compliance with the Fair and Accurate Credit Transactions Act of 2003 - Also includes Memorandum from Utilities Advisory Commission to Utilities Department of 9-03-08 and Procedure for Customer Credit Security, September 13, 2008 Council Agenda. Memo from City Manager to City Council, RE: Utilities Advisory Commission Recommendation to Adopt Resolution, September 15, 2008
- Sugar Hill, Georgia - Draft Ordinance ( 40 KB) - Identity Theft Prevention Program (Gas Utility), Council Agenda October 13, 2008
Information from Utility Associations (Non Washington)
- American Water Works Association - Utilities Scramble on FTC Identity-Theft Rule, Water Week, Volume 17, Issue 37, September 15, 2008 (scroll down page)
- Kansas Rural Water Association - Red Flag Rules Update: Do water utilities have to comply? Minnesota Municipal Utilities Association - Memo Re Red Flags Rule Guidance for Municipal Utilities ( 54 KB), August 29, 2008
- National Rural Water Association - Identity Theft Prevention Program Compliance Model ( 54 KB), September 29, 2008
- Tennessee Association of Utility Districts - Model Red Flags Rule Program: Identity Theft Prevention Program ( 100 KB), by John Shadwick, August 31, 2008
Related Information
- New Regulations Mandating Identity Theft Prevention Programs and Address Discrepancies and Change Requests ( 99 KB), by Holly K. Towle, CCH Guide to Computer Law, Number 315, 2007 - Posted with permission on K & L Gates Website Licensing and E-merging Commerce : Newsstand
Back