Go
About UsServicesOur PeopleNewsEventsPublicationsBlogsDiversityLocationsCareers

Keyword(s)
By Practice or Industry
All Services
By Attorney
News Search
Publication Type
All
Alerts
Articles
Booklets
Newsletters
Join Mailing List

Professionals


Practice Areas


Industries


Alerts

FTC Announces Delay in Enforcement of the New Red Flags Rule

May 1, 2009

Hinshaw Health Law Alert

The Federal Trade Commission (“FTC”) announced April 30, 2009, that it will delay enforcement until August 1, 2009, of the new “Red Flags Rule,” requiring “creditors” and financial institutions to develop and implement written “identity theft prevention programs.” Such programs must be designed to help identify, detect and respond to patterns, practices or specific activities — known as “red flags” — that could signal an incident of identity theft. 

For purposes of the Red Flags Rule, a “creditor” has been defined as any person who regularly extends, renews or continues credit, or any person who regularly arranges for the extension, renewal or continuation of credit. This includes all entities that regularly permit deferred payments for goods or services. The breadth of this definition, and the scope of entities and industries therefore required to develop and implement written identity theft prevention programs, has been a source of ongoing debate.

The original enforcement date for the Rule, November 1, 2008, was previously postponed to May 1, 2009. According to the FTC, the additional delay in enforcement announced yesterday is intended to give Congress time to consider further the scope of the Rule and allow industries and associations to share guidance with their members concerning compliance. In addition, the FTC has announced it will soon release a template to assist entities that have a low risk of identity theft, such as businesses that know their customers personally, in complying with the law.

This delay in enforcement, like the one previously issued by the FTC, is limited to the Red Flags Rule requiring the development and implementation of written identity theft prevention programs. It does not extend to related Red Flags Rules applicable to users of consumer reports and card issuers, regarding changes of address and address discrepancies. Similarly, the delay in enforcement does not affect enforcement of the original November 1, 2008, compliance deadline for institutions subject to the oversight of the federal bank regulatory agencies or the National Credit Union Administration.

For further information, please contact Angela M. Rust or your regular Hinshaw attorney.

This alert has been prepared by Hinshaw & Culbertson LLP to provide information on recent legal developments of interest to our readers. It is not intended to provide legal advice for a specific situation or to create an attorney-client relationship.
Site Map | Contact Us | | RSS | Disclaimer
© 2012 Hinshaw & Culbertson LLP. ATTORNEY ADVERTISING pursuant to New York RPC 7.1
The choice of a lawyer is an important decision and should not be based solely upon advertisements.