The Federal Trade Commission (FTC) announced Friday it is delaying enforcement of the Red Flags Rule until June 1, 2010.
The FTC previously delayed the enforcement of the rule for entities under its jurisdiction until Nov. 1, 2009. However, on Oct. 30, 2009, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys.
The FTC's announcement to delay enforcement of the rule until June 1, 2010, does not affect the separate timeline of that proceeding and any possible appeals. Nor does it affect other federal agencies’ ongoing enforcement for financial institutions and creditors subject to their oversight.
The rule was promulgated under the Fair and Accurate Credit Transactions Act, and requires the FTC and other agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have covered accounts to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.
The FTC has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Website (www.ftc.gov/redflagsrule), and in speeches and participation in seminars, conferences and other training events to numerous groups. The FTC also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. FTC staff has published numerous general and industry-specific articles, released a video explaining the rule, and continues to respond to inquiries from the public. To assist further with compliance, FTC staff has worked with a number of trade associations that have chosen to develop model policies or specialized guidance for their members.