Red Flags Rule

Identity theft prevention program for businesses

What is the “Red Flags” Rule?

The Red Flag Rule was promulgated by the Federal Trade Commission and other federal agencies charged with overseeing compliance to the Financial Service Modernization Act (GLB), the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transaction Act (FACTA). It states that all financial institutions and others who are considered "creditors" must:

  • Identify in writing the areas of their operation where the personal information of their clients is at risk of unauthorized access
  • Develop written procedures to mitigate that risk
  • Detect unauthorized access if or when it happens
  • Periodically re-evaluate and update your Program

How do I comply?

  • If you work for a bank, federally chartered credit union, or savings and loan, check with your regulatory agency for guidance. Otherwise, the FTC's booklet, Fighting Fraud with the Red Flags Rule: A How-To Guide for Business, has tips for determining if you are covered by the Rule.
    PDF Fighting Fraud with the Red Flags Rule: A How-To Guide for Business
  • Every healthcare organization and practice must review its billing and payment procedures to determine if it's covered by the Red Flags Rule. Whether the law applies to you isn't based on your status as a healthcare provider, but rather on whether your activities fall within the laws' definition of two key terms: "creditor" and "covered account".
    PDF The "Red Flags" Rule: What Health Care Providers Need to Know
  • The Red Flags Rule gives you the flexibility to design an Identity Theft Prevention Program appropriate for your business, given its size and potential risk for identity theft. While some companies need a comprehensive Program, businesses and organizations at low risk for identity theft may find that a streamlined Program fits the bill. If you are at low risk for identity theft, this do-it-yourself Program may be sufficient.
    link Create your own Identity Theft Prevention Program: A Guided 4-step process

How can Ohio Mobile Shredding help?

While Ohio Mobile Shredding is not subject to the Red Flag Rule directly, we have provisions within our operations and Confidential Destruction Agreement to help our clients comply with their Red Flag Rule obligations:

  1. Ohio Mobile Shredding is a NAID Certified® provider. NAID Certification criteria identify all areas of our operation where information transferred to our custody for processing is put at risk of unauthorized access. Our company's compliance with security measures specifically designed to mitigate these risks is verified through periodic announced and unannounced audits by accredited, authorized third-party security professionals. NAID Certification security specifications, as well as verification of our NAID Certified® status, are included as addendums to these policies and procedures.
  2. As a condition of employment, all Ohio Mobile Shredding employees are required to notify management of any actual or potential unauthorized access to information transferred to our custody for processing. If such information is verified by management to constitute unauthorized access to information transferred to our custody, it is our policy to fully disclose to clients all relevant details in a timely manner and to reasonably cooperate in any subsequent investigation.
  3. The acceptance, transfer and processing of information transferred to our custody shall be documented and verified in writing and such documentation made available to the customer in the course of business upon request.

Data security plays an essential role in keeping people's sensitive information from falling into the wrong hands. Protect what you have a legitimate business reason to keep and securely dispose of what you no longer need. Our EasyShred℠ service provides you with consistent, reliable, and cost-effective shredding and ensures sensitive information is safeguarded and properly destroyed:

  1. We help you write information destruction policies and procedures (this step is optional)
  2. We provide your offices with free lockable document disposal containers that prevent unauthorized access to sensitive information
  3. On a schedule that suits your needs, our bonded and insured shredding specialist securely shreds your information
  4. With every service visit, we provide you with a numbered Accountability Receipt documenting a chain of custody and a chronological history of your shredding practices – a shredding "log" for your records
  5. We provide you with a Certificate of Destruction: a third-party verification that your information was completely and confidentially destroyed in accordance with NAID Certified® specifications and Federal Regulations

With Ohio Mobile Shredding and EasyShred℠ compliance with the Red Flag Rule could not be easier!