Privacy and Security Alert: Breaking News--FTC "Red Flags Rule" Enforcement Delayed
10/22/2008
The Federal Trade Commission (FTC) announced today that it will suspend enforcement of the new identity-theft “Red Flags Rule” from the rule’s compliance deadline of November 1, 2008 until May 1, 2009 to give creditors and financial institutions additional time to develop and implement the required written identity-theft prevention programs.
The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the rule, financial institutions and creditors—including any business that accepts deferred payments for services—with covered accounts must have identity-theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, healthcare providers, and nonprofit and government.
During the course of outreach efforts, the FTC staff learned that some industries and entities within the FTC’s jurisdiction were uncertain about their coverage under the rule and learned of the rule’s requirements too late to be able to come into compliance by November 1, 2008. The Commission says that its delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity-theft prevention programs as required by the rule.
For more information about development of written identity-theft prevention programs and “Red Flags Rule” compliance, please contact:
Cynthia Larose, CIPP
(617) 348-1732
CLarose@mintz.com
Elissa Flynn-Poppey
(617) 348-1868
EFlynn-Poppey@mintz.com
Julia M. Siripurapu
(617) 348-3039
JSiripurapu@mintz.com
or any member of your Mintz Levin client service team.
