IT departments, take note: New federal rules aimed at curbing identity theft take effect on Nov. 1. The Federal Trade Commission regulations require financial institutions, and other creditors that provide financing, to re-examine their ID theft prevention policies and implement new procedures and business practices.

The rules require a written ID theft prevention policy that includes methods to identify "patterns, practices or specific activities that could indicate identity theft." Violators of the new rules will be subject to civil penalties of up to $2,500 per violation. The new regulations were initially believed to apply only to financial institutions such as banks, savings and loans, mortgage lenders and credit unions. However, small- and mid-size businesses are concerned the rules may also cover them because they apply  to "any person or business" that arranges for customer credit.

"A creditor includes anyone who regularly extends credit to their customers, but the definition is not limited to that and can be broader," said Frank Dorman, a spokesman for the FTC. The FTC estimates that as many as 9 million Americans have their identities stolen each year. 

For more on these rules:
- check out this eWeek.com article [1]

Related Articles:
Notification laws have not cut ID theft [2]
41 million credit card numbers hacked [3]