Featured Article: The Red Flags Rules: Coming Soon to a Call Center Near YOU!
State Holiday Alerts: State DNC Restrictions for November and December.
New Product Announcement: Canadian National IntelliScrub Database.
Canadian National Do Not Call List in Full Effect.
Florida TimeShare and Vacation Companies Face Lawsuit.
California Seeks Stronger Regulation on Call Permission Requests via Mail.

On January 1, 2008, a sweeping new privacy/data security rule went into effect that impacts a large percentage of businesses in the United States.  This new Red Flags Identity Theft Rule will be enforced by the Federal Trade Commission, federal bank regulatory agencies, and the National Credit Union Administration.  The good news is that the FTC recently issued a statement on enforcement policy (http://www.ftc.gov/opa/2008/10/redflags.shtm), which gives "financial institutions" and "creditors" six more months to implement an effective Red Flags program (until May 1, 2009).  The bad news is that information about this new rule, and the scope of companies it will effect, is only slowly filtering out across the country.

First, the basics:  are you covered by the Rule?  A "financial institution" is defined as a bank, savings and loan, credit union, or other entity that holds a "transaction account" belonging to a consumer.  (A "transaction account" is an account that enables payments or transfers to be made - examples include checking account, savings accounts that permit automatic transfers, and share draft accounts.)  A "creditor" is a business that regularly extends, renews or continues credit and/or arranges for someone else to extend, renew, or continue credit.  Examples include finance companies, automobile dealers, mortgage brokers, utilities, and telecommunications companies - but keep in mind that simply accepting credit cards does not make you subject to these rules.

If your company meets the definition of either "financial institution" or "creditor," AND you provide "covered accounts" (like credit card accounts, mortgage and car loans, cell phone accounts, checking or savings accounts), then you are at the front lines of compliance for Red Flags purposes.  All such front line companies must have a "Program" in place, by May 1, 2009, that identifies, detects, and prevents red flags (patterns and practices that indicate the possible existence of identity theft), and that remediates any problems that are identified.

Most call centers are not going to be on the front lines of compliance . . . but you know it can't be that easy, right?  (If it were, I wouldn't be writing this article!)  Where it gets interesting for call centers is the extension of these rules to "service providers."  A service provider is an entity that provides service directly to a financial institution or creditor (which would, among many other types of entities, include call centers) where "covered accounts" are in play.  Financial institutions and creditors are on the hook, under the Red Flags rules, to "exercise appropriate and effective oversight of service provider arrangements" - in other words, financial institutions and creditors must provide for the detection, prevention, and mitigation of identity theft even where an activity is outsourced to a service provider.

Bottom line - if you are a call center (or in fact any type of service provider) providing services to entities covered by the Red Flags rules, expect to be hearing soon (if you haven't already) from your clients.  Your clients are going to be asking you, in effect if not outright, to implement your OWN Red Flags program to identify, prevent and mitigate instances of Red Flags, and to have a system in place to report such instances back to the client.

What you're probably going to need is:  a written procedure to handle Red Flags; a means to disseminate your clients' Red Flags Program(s) to your employees, so that they understand the nature of what it is they should be on the lookout for; a "Red Flags Officer" who's job it is to coordinate the reporting of such instances and to handle escalation of them as appropriate; and a training program specifically geared to instructing your employees about their duties with regard to Red Flag identification and reporting.

Features include:
- Validation of registration and subscription with the Canadian NDNC.
- Automatically retrieve the area codes for which you have brought a subscription.
- Monitoring of your subscription over time so that expired information is never used.
- Increased management flexibility, added protection and scrubbing of Canadian area codes.

For more information contact a Contact Center Compliance Sales Director at 866-362-5478, by email to info@dnc.com or at our website: DNC.com.

The following holiday restrictions have been verified for the months of November and December:

Outbound calling is prohibited in Louisiana on Tuesday, November 4, 2008 in observance of Election Day.

Outbound calling is prohibited in Alabama, Louisiana, Mississippi, Rhode Island and Utah on Tuesday, November 11, 2008 in observance of Veterans' Day (Armistice Day).

Outbound calling is prohibited in Alabama, Louisiana, Mississippi, Rhode Island and Utah on Thursday, November 27, 2008 in observance of Thanksgiving Day.

Outbound calling is prohibited in Alabama, Louisiana, Mississippi, Rhode Island and Utah on Thursday, December 25, 2008 in observance of Christmas Day.

Training Master is a full-featured training suite developed by industry and legal experts for companies seeking to train personnel on procedures, ethical conduct, regulations, industry rules and company values. Create dynamic, online-training for your business.

For more information contact a Contact Center Compliance Sales Director at 866-362-5478, by email to info@dnc.com or at our website: DNC.com.

Canadian National Do Not Call List in Full Effect:
The Canadian National Do Not Call list is now in full effect with 3,952,238 of 16 million numbers already registered. For an in-depth look on what this means for calls to the Canadian area review the following white paper on the CDNC compliments of Contact Center Compliance: "What Canadian Telemarketers have to do?"

Florida TimeShare and Vacation Company Faces Lawsuit:
A lawsuit has been brought against the Florida based company, Bluegreen Corporation, by Attorney General Tom Corbett for illegal marketing practices and for making numerous calls to consumers who were on Pennsylvania's Do Not Call list (though Bluegreen alleges they based the calls on referrals from other customers).However, Bluegreen has also been accused of continuing calls to consumers who had specifically told them not to call again.

California Seeks Stronger Regulation on Call Permission Requests via Mail:
The California General Assembly has proposed a bill (AB 2059) that would regulate U.S. mail solicitations to be "clear and conspicuous" with identification of the sender and of the entity requesting permission to call the consumer by telephone.