CSAA Signals: FTC New Rules; Standards Review

Vol. 14, No. 15 - September 8, 2008
440 Maple Avenue East, Suite 201, Vienna, VA
703-242-4670; Fax 703-242-4675

This issue of the CSAA Signals is brought to you by our sponsor:

*** The Bold Group - Boldly securing your future with one-point control central station automation ***

Please visit http://www.boldgroup.com/ for information about its products
or click on the banner above.

Table of Contents

FTC New Identity-Theft Prevention Rules
Reminder: Alarm Verification and Notification Procedures Standard under Review

FTC New Identity-Theft Prevention Rules
Compliance Starts on Nov. 1, 2008

It was reported at the September 4, 2008 Alarm Industry Communications Committee (AICC) meeting that the Federal Trade Commission (FTC) has published rules requiring financial institutions and creditors to develop and implement written identity theft prevention programs by November 1, 2008. Under the rules, “creditors” are defined broadly as entities that regularly extend, renew or continue credit.

What are the rules?

The rules require companies to implement procedures to detect, prevent and mitigate identity theft with respect to new and existing “covered accounts.” A “covered account” is a continuing relationship: (a) that a financial institution or a creditor offers or maintains with a person to facilitate the person’s purchase of products or services primarily for personal, family or household purposes; and (b) that involves or is designed to permit multiple payments or transactions.

A “covered account” also includes any other continuing relationship that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk of injury (including risk of financial, operational, compliance, reputation and/or litigation injury) from identity theft: (a) to the customer of the account; or (b) to the safety and soundness of the financial institution or creditor.

The core of the program is the listing of various patterns, practices and specific activities (called “Red Flags”) which may indicate the possible theft of the identities of: (a) existing customers maintaining “covered accounts” with the Company; and (b) new or purported new customers opening “covered accounts” with the Company. The rules require companies to periodically conduct a risk assessment to determine whether it offers or maintains “covered accounts.”

Resources

The Blooston law firm, AICC Counsel, has developed a template, "Identity Theft Prevention Program” to assist companies in complying with the FTC’s rules. For more information, please contact Ben Dickens at 202-828-5510 or Mary Sisak at (202) 828-5554.

To read the FTC’s Business Alert, visit http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm.

Alarm Verification and Notification Procedures Update

As we reported previously, CSAA's Alarm Verification and Notification Procedures Standard (CS-V-01) is entering an ANSI Comment period (BSR/CSAA CS-V-01-200x, Alarm Verification and Notification Procedures Update). The Comment Period will end on September 14, 2008.

A copy of the draft can be found at www.ltfiore.com/files/ANSI_CSAA_CS_V_01_2004-ltf-2-02-08DRAFT.doc.

Please use the following form to make any proposed changes: http://www.csaaul.org/Form_for_Proposals_on_CSAA_Standards_Documents.doc
and e-mail it to Celia Besore at communications@csaaul.org.

For additional information, please contact Louis T. Fiore at ltfiore@aol.com.