The Federal Trade Commission's Red Flags Rule is now in place.
The rule requires financial institutions and creditors-including in diverse areas such as auto, mortgage and wireless-to create and deploy identity theft prevention programs.
Tom Oscherwitz, chief privacy officer for consumer risk management specialist ID Analytics in San Diego, advises credit unions to "take the rules seriously."
"Companies are now accountable for identity theft that happens on their watch," he said. "Data security has gone beyond protecting against corporate vulnerabilities and now includes ensuring the identity security of consumers. Companies who fail to comply face penalties and other enforcement actions."
He recommends that financial institutions understand and resolve risks proactively by building a Red Flag program for the long term.