{ Banner Image }

The Federal Trade Commission Again Delays Enforcement of the Identity Theft Red Flags Rule

Click to Share Share  |  Twitter Facebook
Johanna M. Novak
Foster Swift Health Care Law E-News
May 1, 2009

The Federal Trade Commission ("FTC") announced on April 30, 2009, that it will delay enforcement of the new “Red Flags Rule” until August 1, 2009.  The delay is meant to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. For entities that have a low risk of identity theft, such as businesses that know their customers personally, the FTC will issue a template to help them comply with the law.

The Red Flags Rule stems from the Fair and Accurate Credit Transactions Act of 2003 ("FACTA"), which directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of a “creditor” is extremely broad and includes all entities that regularly permit deferred payments for goods or services.

The FTC acknowledged in its press release that there is ongoing debate about whether Congress wrote the FACTA provisions too broadly.  The FTC stated that delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use templates in developing their programs, and give Congress time to consider the issue further.