Published: 09 May 2021 09 May 2021 Washington, DC - The Department of Justice, together with the Federal Trade Commission (FTC), announced a $20 million settlement resolving alleged violations of the FTC Act and the Fair Credit Reporting Act (FCRA), including violations of the Red Flags Rule. The settlement includes $15 million in civil penalties, which represents the largest civil penalty ever paid to resolve FCRA violations under the FTC Act. Vivint Smart Home Inc. sells “smart” home security and monitoring systems, largely via a sales force that sells door-to-door. The complaint alleges that Vivint failed to implement an Identity Theft Prevention Program, allowing its sales representatives to obtain credit reports of unsuspecting consumers without the consumers’ knowledge or consent, and unfairly sold false debt to buyers or debt collectors. According to the complaint, the defendant’s lack of an Identity Theft Prevention Program violated the FTC’s Red Flags Rule, which requires covered financial institutions and creditors to establish and administer an appropriate, written Identity Theft Prevention Program. The Red Flags Rule plays an important role in the detection, prevention, and mitigation of identity theft.