• Home
• Calendar
• Member Services
  • Water & Wastewater Technical Assistance
  • Water Systems
  • Mission
  • Staff
  • Advertise
  • Stage 2 D/DBP Rule
  • WARN
  • FTC Red Flag Rule
  • Scholarships
• Training
  • Certification
  • Water
  • Training Calendar
  • Conferences
• Legislative
  • Rally
  • Water Omnibus Bill
• Quality on Tap!
• History
• Directory
• NRWA Services
  • Background Screening Services
  • VIP Fleet Program
  • Intuit Affiliate Program
  • NRWA Small System Electric Power Use Study
  • NRWA Revolving Loan Fund
• Links
• Comments

Download the Template

Red Flag Rule Frequently Asked Questions

Question: What do you do with the finished report? Do you certify that it was done? Do you file it or send it to FTC. Do you do it annually or just once? Does anyone check to see if you are compliant? Do you let your customers know you are compliant?

Answer:  "The Identity Theft Prevention Program developed does not need to be submitted to or reviewed by the FTC. Further, no certification is required to be filed with the FTC. However, the Agency may do random compliance reviews of utilities to ensure they have a program in place." The Utility is developing a report annually evaluating the program but the program only needs to be updated periodically on an as needed basis.

Question: What is the fine if someone does not comply with the Red Flag Rule?

Answer: The fine is $2,500 per incident. Not sure how they define an incident.

Question: Our small utility has only 500 customers. The only information we maintain on our customers is: Name, Address and Phone Number. In most cases that info is listed in the phone book. I do not see where we have any info that could be considered "sensitive information". We do not have any credit information. We supply water to anyone who joins our Co-Op. If they do not pay we terminate their service. The only payment we accept is cash or check. The only reason we have phone numbers is to alert our members that there is a boil water situation.

Answer: You are covered. This specific example is in the compliance model introduction.

Question: We have a wastewater facility at one of our mobile home parks. However, we do not have accounts and do not bill the residents for the operations of this plant. After reading the information, we are not able to determine why we need to use it. Please advise. Another similar question: We are a private mobile home/RV park and our water system is solely for the use of our residents and campers. We do not charge separately for water use, it is included in their lot rent. We do not need to comply with this regulation, do we?

Answer: You are correct; you do not need to comply with the rule for the reason stated. You are not extending credit because your customers pay their lot rent up front and that covers water and sewer.

Question: Under steps required to develop the Identity Theft Prevention Program you have "Obtain program approval by the governing body or designated senior management by May 1, 2009". Can we choose which between the governing body and designated senior management or are we required to obtain governing body approval if we have a governing body?

Answer: If you have a board of directors, you must have their approval and review of the program. If there is no governing body (board of directors), then the employee in senior management can approve the plan.