My understanding of RED FLAG is to basically figure out what data can be used in ID theft in your company & be able to track who has access to what data & monitor the places you determine it can be stolen.
From Wikipedia
http://en.wikipedia.org/wiki/Red_Flags_Rule
The Red Flags Rule sets out how certain businesses and organizations must develop, implement, and administer their Identity Theft Prevention Programs. Your Program must include four basic elements, which together create a framework to address the threat of identity theft[7][8].
The four basic elements to the program are:
1) Identify Relevant Red Flags
Identify the red flags of identity theft you’re likely to come across in your business
2) Detect Red Flags
Set up procedures to detect those red flags in your day-to-day operations
3) Prevent and Mitigate Identity Theft
If you spot the red flags you’ve identified, respond appropriately to prevent and mitigate the harm done
4) Update your Program
The risks of identity theft can change rapidly, so it’s important to keep your Program current and educate your staff
The Red Flags Rules provide all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations [5].
The red flags fall into five categories:
alerts, notifications, or warnings from a consumer reporting agency[5]
suspicious documents[5]
suspicious personally identifying information, such as a suspicious address[5]
unusual use of – or suspicious activity relating to – a covered account[5]
notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts[5]