- Minara El-Rahman is a contributor to FindLaw’s “Free Enterprise” blog. FindLaw is owned by Thomson Reuters. -

Small business owners have new federal requirements to protect against identity theft in their businesses.

The Federal Trade Commission (FTC) estimates that over 9 million Americans are victims of identity theft annually. As a result, the FTC introduced what is known as the “red flags” rule that was slated to be enforced back in November 2009. The so-called red flags rule requires that certain creditors and organizations with covered accounts implement programs that would identify, detect and address warning signs of possible identity theft in the course of business.

According to the FTC, the red flags programs implemented by such businesses must:

    Identify relevant patterns, practices and specific forms of business activity that are “red flags” of possible identity theft.
    Detect those red flags.
    Respond appropriately to any red flags that are detected and help mitigate identity theft of consumers. Update the program periodically in order to ensure that the program is up to date.

This red flags rule initially covered any business or organization that had covered accounts. However, the red flags rule was recently modified on December 31, 2010. SC Magazine reports that the red flags rule has been modified so that lawyers, doctors, and accountants are exempt from having to comply with this rule.