skip navigation

Identity Theft Red Flags Rules

This page provides an overview of the federal "red flags rules" intended to prevent identity theft, along with their potential impacts on local governments in Washington State and examples of local identify theft prevention programs.

It is part of MRSC's series on Utility Billing and Collection.


The Federal Trade Commission (FTC) rules on identity theft, known as "Red Flags Rules," require financial institutions, utilities, and other creditors to set up programs aimed at preventing identity theft. Because of the definition of "creditor" in these rules, municipalities may be affected.

Legal counsels have advised that until the FTC revises its guidance, local governments with municipal utilities should comply with the Identity Theft Prevention Program provisions of the "Red Flag Rules."

The FTC began enforcement of the "Red Flags" rule on January 1, 2011. The Federal Credit Reporting Act (FCRA) was amended by the Red Flag Program Clarification Act of 2010, S. 3987. Signed by President Obama on December 18, 2010, this Act mends the FCRA with respect to the applicability of identity theft guidelines to creditors: however, it did not clearly include or exclude specific types of entities, such as utilities.

Federal Trade Commission Regulations

Advice Given to Local Governments

Examples of Local Identify Theft Prevention Programs

Information from State Associations

Articles on Red Flags Rules

Last Modified: May 14, 2019