New Hampshire Bar Association
About the Bar
For Members
For the Public
Legal Links
Online Store
Vendor Directory
NH Bar Foundation
Judicial Branch

Everything you need to purchase a court bond is just a click away.

Trust your transactions to the only payment solution recommended by over 50 bar associations.
New Hampshire Bar Association
Lawyer Referral Service Law Related Education NHBA CLE NHBA Insurance Agency
Member Login
Member Portal

Bar News - September 18, 2009

Red Flags Rules Take Effect Nov. 1: Attorneys Required to Have a Plan

The Federal Trade Commission’s Red Flags Rules take effect on November 1, 2009, meaning that every business – attorneys included – which provides a line of credit to customers and clients will have to have an identity theft protection plan in place. Originally scheduled to go into effect in August of this year, the rule implementation was postponed for six months due to an outcry from businesses.

There has been particular disagreement about who falls under the rules from the medical and legal fields, which have vociferously denied that they can be considered "creditors" under the current definition in the rules. The Federal Trade Commission disagrees, and although the American Bar Association has filed a lawsuit against the Federal Trade Commission to exempt attorneys from the rules, law firms would be wise to ensure that a red flags action plan is in place by November 1.

What are the Red Flags Rules?

The Red Flags Rules require public and private utilities, financial institutions and other "creditors" to set up identity theft prevention programs. The definition of who and what is and is not a creditor is intentionally broad and, for now, includes law firms and attorneys.

The rules state that creditors must: 1) have policies for developing identity theft "red flags" or suspicious activities; 2) must have procedures in place to identify possible fake or fraudulent documents and identification; 3) have an action plan for when "red flags" are detected; and 4) have a schedule for re-evaluation of the policies.

What do I have to do?

Since client information is already closely guarded in the legal profession, and since many states’ attorneys’ rules already have sections devoted to accepting credit cards and issuing lines of credit, many law firms merely have to put into words current client information protection practices.

Here are a few other ways that your law firm can be ready for the implementation of the rules:
  • Don’t allow access to client information to anyone not assigned to the case or assigned to work on the file.
  • Make sure that anyone not employed by the firm – janitorial staff, guests, clients, etc. – is accompanied by a firm employee when in the office.
  • Offer employment only upon a criminal background check.
  • Limit after-hour and weekend access to the firm’s office only to necessary members of the firm and ensure that records are kept so that entry and exit of visitors and employees is documented.
  • Don’t allow files out of the office without documentation.
  • Verify new client identities by noting social security numbers, valid identification, passports, etc.
  • Don’t let non-employees copy files.
  • Make sure that files are behind locked doors.
More Information:

Since law firms are low-risk entities in terms of the rules, they may make use of the Low-Risk Business Compliance template available from the Federal Trade Commission. It is a fill-in-the-blank form which allows managers to establish a streamlined plan.

If you are in doubt about the status of any meeting, please call the Bar Center at 603-224-6942 before you head out.

Home | About the Bar | For Members | For the Public | Legal Links | Publications | Online Store
Lawyer Referral Service | Law-Related Education | NHBA•CLE | NHBA Insurance Agency | NHMCLE
Search | Calendar

New Hampshire Bar Association
2 Pillsbury Street, Suite 300, Concord NH 03301
phone: (603) 224-6942 fax: (603) 224-2910
© NH Bar Association Disclaimer