Could your data be hacked? Unfortunately, every organization — including for-profit businesses, not-for-profits and government agencies — is vulnerable to cyberattacks today. Examples abound. In September, Equifax reported a data breach that exposed the credit histories and other information of 145.5 million Americans. Shortly thereafter, the Securities and Exchange Commission (SEC) reported a hacking incident that...

The red flags rule may actually go into affect on December 31, 2010. The Rule was originally supposed to become effective on January 1, 2008, with full compliance required by November 1, 2008. The FTC or Congress has delayed enforcing the Rule a couple of times in the last two years.

Enforcement of the rule has now been extended to December 31, 2010, while Congress considers legislation that would affect the scope of the included entities.

Enforcement of the rule has been extended to November 1, 2009 to give additional time for developing and implementing written identity theft prevention programs. There are no criminal penalties for failure to comply, however violators may be subject to financial penalties. In addition, compliance assures the entity’s customers that they are doing their part to fight identity theft.