* Information available to victims. A business that provides credit or products and services to someone who fraudulently uses your identity must give you copies of the documents, such as credit applications.
* Collection agencies: If a victim of identity theft is contacted by a collection agency about a debt that resulted from the theft, the collector must inform the creditor of that. When creditors are notified that the debt is the work of an identity thief, they cannot sell the debt or place it for collection.
* Red Flags Rule: Several provisions within FACTA require financial institutions, creditors, etc. to develop and implement an identity theft prevention program, aimed at early detection and mitigation of fraud. The program must include provisions to identity relevant "red flags," detect these early warning signs, respond appropriately and periodically update the program. Additional provisions include guidelines and requirements to assess the validity of a change of address request and procedures to reconcile different consumer addresses. The deadline for complying with the Red Flags Rule has been extended several times and is currently December 2010. Questions remain as to which companies need to comply with this part of FACTA.
* Proper disposal of consumer reports. Consumer reporting agencies and any business that uses a consumer report must adopt procedures for proper document disposal to avoid "dumpster diving" by identity thieves. This includes lenders, insurers, employers, landlords, government agencies, mortgage brokers, automobile dealers, attorneys and private investigators, debt collectors, individuals who obtain a credit report on prospective nannies, contractors or tenants.
* Disputing inaccurate information. Consumers can dispute data included in reports directly with the company that furnished it.
Source: Business Records Management, Privacy Rights Clearinghouse, Federal Trade Commission
Federal Rules of Civil Procedure (FRCP)
What it covers: In place since 1938, the FRCP discovery rules govern court procedures for civil lawsuits. The first major revisions, made in 2006, make clear that electronically stored information is discoverable, and they detail what, how and when electronic data must be produced. As a result, companies must know what data they are storing and where it is; they need policies in place to manage electronic data; they need to follow these policies; and they need to be able to prove compliance with these policies, in order to avoid unfavorable rulings resulting from failing to produce data that is relevant to a case.
More about ediscovery and electronic records