Slashdot Mirror
FTC Delays Identity Theft Rule Yet Again
coondoggie sends news that the FTC, at the request of several members of Congress, has delayed enforcement of anti-ID-theft rules — for the fourth time since the original implementation date, November 2008. "The [Red Flags] rule requires financial institutions and other creditors to develop and carry out identity-theft prevention programs. ... The problem with the rule revolves around which entities must comply and develop identity-theft prevention programs. ... 'It's the act of delaying payment for services that can sweep in entities you wouldn't normally think of as creditors,' Kuehn said. Already, the American Bar Association, the American Medical Association, and the American Institute of Certified Public Accountants have sued, saying that the Red Flags Rule shouldn't apply to their members."
The reason for the objection by the AMA is that this rule would designate doctors as creditors, by virtue of them billing for their services. This would require a torrent of new paperwork to be handled by the doctors' offices. Ultimately, the time and staff cost of compliance would be extremely high, while there aren't likely to be any benefits in terms of reduction of personal data theft from medical practices, since HIPAA regulations are already very strict regarding personal information.
Since many hospitals and practices already operate on rather thin margins (3% is considered excellent for a hospital), the last thing medical institutions need is more staff to handle paperwork. They already outnumber doctors...
do they not have important data that could be used in an identity theft?
The "Red Flags Rule" isn't about stealing data, it's about requiring people to watch for signs that stolen data is being used (hence "Red Flags"). Things like fake IDs, addresses that don't match your records or are not valid, or a SSN that isn't in the date range for the person's DOB.
If I have been able to see further than others, it is because I bought a pair of binoculars.
And at the end of the day, it's all about what costs more/less money where these financial institutions are concerned. If new "red flag" procedures and checks for ID theft cost a bank $25 million per year, and their actuaries tell them they only suffer $10 million per year in ID-theft-related losses, then it's not in their interests to put those "red flag" measures in place.
The human cost to their customers (lost time, mental anguish, etc.) of an incident carries absolutely no weight in their thinking. It's all about the bottom line.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
Especially when there are already laws against the behavior in question and these laws already put the onus on the companies. (This isn't original to me, but I'm too lazy to look up the original reference.)
It works like this: If Person A pretends to be me and gets something without paying for it, that's fraud, not "ID theft." But with fraud, I'm not the victim, whoever accepted the fraudulent credentials is.
Over the last 15 years we've seen a new crime called, "ID theft" wherein the victim is no longer the entity with the power to impede the crime, the victim is a third party. That way credit-granting agencies can ignore the warning signs, and then bill the wrong person for the transaction.
If we stopped talking about "ID theft" and just went back to fraud, the companies would already have the motivation to tighten their ID checks.
I'd rather have someone respond than be modded up.
I agree, but I don't trust politicians to get it done right.
Credit (Equifax...) rating companies, credit card companies, Bank/Loan Sharks... are the one that validate false/stolen IDs. I have always thought the should be the first sued by ID theft victims.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?