The Federal Trade Commission (FTC) has issued a new rule that goes into effect on January 1, 2011, called the “Red Flags Rule.” This rule requires certain businesses to develop written plans to fight identify theft.
The Red Flags Rule requires financial institutions and creditors with “covered accounts” to develop and implement written identity theft prevention programs. While this should not generally impact apartment owners or managers, there are two circumstances where a multifamily operator could fall under the rule:
1. You enter into a partial payment agreement with a tenant. If your policies permit you to collect past due rent or other debt on a payment plan, you would be considered a creditor and come under the law; or
2. You sub meter utilities and bill tenants for the use of utilities after the fact.
If you fall into either of these categories, you may be subject to the rule, especially since the FTC has stated that it will take a broad view of the rule and who is bound by it. In this case, it may be a good idea for you to develop a simple prevention program for Businesses and Organizations at low-risk for identity theft. The FTC has created a simplified form for low-risk businesses that can be found at:
http://www.ftc.gov/bcp/edu/microsites/redflagsrule/RedFlags_forLowRiskBusinesses.pdf