Contact Us
About Us
History
Community
Sustainability
Recognition
All Services
Business
Construction
Labor & Employment
Litigation
Personal Injury
Bicycle Accident Injury Team
Distribution and Franchise Team
Electronic Discovery and Records Management Team
Government Relations Team
Intellectual Property & Technology Team
Rail and Transportation Team
Attorneys
Other Professionals
Articles
Articles Archive
Legal Alerts
Videos
Podcasts
Sign Up for Email Alerts
Media Center
Events
By Women For Women
For Attorneys
For Other Professionals
For Law Students
Associate Attorney Opening
Home printer-friendly YouTube facebook twitter YouTube
Municipal Compliance with the Red Flags Rules
Published: February 12, 2010
Author: Timothy D. Fenner

Identity theft has been a real problem in the United States. Pursuant to applicable federal law and in an effort to extend consumer protections against identity theft, the Federal Trade Commission (“FTC”) adopted regulations in 2007 requiring all utility companies and other entities that act as “creditors” and provide certain types of customer accounts to enact “red flags policies” aimed at protecting personally identifying consumer information. Originally, the FTC regulations required compliance with the rules by November 1, 2008. However, that date has been periodically extended by the FTC due to a number of questions and issues that have arisen. The current compliance date is June 1, 2010.

The first question that invariably arises is: “Who is required to comply with the Red Flags Rules?” Clearly all financial institutions must, as well as any “creditors” that maintain certain types of accounts. The rules define a “creditor” as an entity that regularly extends, renews or continues credit, including the provision of a service for which payment is made after the service is provided. For example, a utility company, even those operated by governmental entities. Given the definition of “creditor,” governments which provide municipal sewer, water, gas, electric, telecommunications or other utility service, are and will be covered by the Red Flags Rules.

The Rules have created a tremendous amount of confusion when applied to governmental bodies. As of this date, it does not appear that the FTC will be applying the Rules to a governmental body when it collects property taxes, business license taxes, parking tickets, special assessments, impact fees, etc. However, for those municipal entities that provide the foregoing utility services, it appears that the rules will be applicable.

If a municipality is subject to the Red Flags Rules, then the question is: “What can government do to get in compliance?” As a creditor, municipalities will be required to develop a program to prevent identity theft that, according to the rules, is “appropriate for the size and complexity of the municipality.” Each program must contain reasonable policies and procedures to:

  1. Identify risks of identity theft
  2. Identify relevant red flags for new and existing covered accounts and incorporate those red flags into the program
  3. Detect red flags that have been incorporated into the program
  4. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft
  5. Ensure the program is updated periodically to reflect changes in risk to customers or to the safety and soundness of the creditor from identity theft
Depending upon the particular policies developed, there may or may not have to be changes in the municipality’s ordinances. The rules allow for tremendous local discretion in terms of the municipality assessing its own risks and to determine the appropriate scope of the Red Flags policies that are adopted.

Timothy D. Fenner is a partner at Axley Brynelson, LLP. For more information on municipal compliance with the Red Flags Rules or assistance with preparation of an appropriate policy, please contact Mr. Fenner at 608.283.6733 or tfenner@axley.com.
Return to main Articles Section
Axley Brynelson is pleased to provide articles, legal alerts, podcasts and videos for informational purposes, but we are not giving legal advice or creating an attorney/client relationship by providing this information. The law constantly changes, and our publications may not be currently updated. Before relying on any legal information of a general nature, please consult legal counsel as to your particular situation. While our attorneys welcome your comments and questions, keep in mind that any information you provide us, unless you are now a client, will not be confidential.