July 30, 2009
FTC Announces Three-Month
Delay of Enforcement of
“Red Flags” Rule
Three days before the Federal Trade Commission (FTC) was to begin enforcement of the “Red Flags” Rule, the FTC announced it will delay enforcement until November 1, 2009 to provide creditors and financial institutions additional time to develop and implement the required written identity–theft prevention programs.
The FTC will also be redoubling its efforts to educate small businesses and other entities about compliance with the “Red Flags” Rule. The FTC also intends to ease compliance by providing additional resources and guidance to clarify whether businesses are covered entities and what action entities must take to comply with the “Red Flags” Rule.
The July 29, 2009 announcement by the FTC does not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for other institutions, such as banking institutions.
As discussed in our earlier alerts,1 the “Red Flags” Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the rule, financial institutions and creditors—including any business that accepts deferred payments for services—with covered accounts must have identity-theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, health care providers, and non-profit and government entities.
For businesses struggling to develop and implement a compliant written identity–theft program by August 1, 2009, this action offers a three–month extension to develop a strong program.
Mintz Levin’s Privacy and Security Group has been working with clients on development of “Red Flag” compliance programs. We can help conduct risk assessments and develop or review your “Red Flag” program and policies, including employee training; advise on duties to detect, prevent, and mitigate identity theft; analyze and prepare vendor agreements that comply with your “Red Flag” duties; and advise senior management on responsibilities under the regulations.
“Last Call for ‘Red Flag’ Compliance Planning” (July 23, 2009)
“Breaking News: FTC ‘Red Flags Rule’ Enforcement Delayed” (October 22, 2008)
Copyright © 2009 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
This communication may be considered attorney advertising under the rules of some states. The information and materials contained herein have been provided as a service by the law firm of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. to its clients and friends; however, the information and materials do not, and are not intended to, constitute legal advice. Neither transmission nor receipt of such information and materials will create an attorney-client relationship between the sender and receiver. The hiring of an attorney is an important decision that should not be based solely upon advertisements or solicitations. Users are advised not to take, or refrain from taking, any action based upon the information and materials contained herein without consulting legal counsel engaged for a particular matter. Furthermore, prior results do not guarantee a similar outcome.
list is maintained at Mintz Levin’s main office, located at One Financial
Center, Boston, Massachusetts 02111. If you no longer wish to receive electronic
mailings from the firm, please visit http://
For assistance in this area, please contact one of the attorneys listed below or any member of your Mintz Levin client service team.
Cynthia Larose, CIPP
Bruce D. Sokler
Robert G. Kidwell
Julia M. Siripurapu