Red Flags Rule
Effective Dec. 31, 2010, the Red Flags Rule requires organizations extending payment terms to customers and that have personal information on file to:
- Create a written “Program” that identifies where personal customer information is vulnerable to unauthorized access or where the organization is vulnerable to ID Theft.
- Institute precautions that address those ID Theft vulnerabilities and train employees to comply with those precautions.
- Intervene, alert the authorities, or warn the potential victims when there is a threat of ID Theft.
- Have the “Program” controlling ID Theft vulnerabilities signed by the Board of Directors or the company owners annually.
- Require audits of data-related vendors with access to personal information of customers.
As a professional secure data destruction service provider, AccuShred plays an important role in our customer’s Red Flags Rule compliance, and we want you to know that we take that responsibility seriously.
- All of our employees are screened and drug tested prior to being hired.
- Our written policies and procedures address all relevant Red Flags Rule vulnerabilities related to preventing, detecting, and responding to reasonable and/or foreseeable risks of identity theft.
- All employees provide written acknowledgement that they are aware of their responsibilities under our Red Flags Rule compliance policies.
- Our contracts and/or our terms of service acknowledge our responsibilities related to preventing, detecting and responding to reasonable and/or foreseeable risks of identity theft.
- We encourage customers to conduct the required annual review of our security, as well as our compliance to our published policies and procedures.
- If you have any questions about the Red Flags Rule or how we can help with your compliance to any of the data protection regulations, please contact us.
For more information about the Red Flags Rule, please visit the FTC’s website.