FTC Extends Red Flags Deadline - Again - to June 1, 2010

Fourth Time Agency Has Pushed Back Enforcement Date
FTC Extends Red Flags Deadline - Again - to June 1, 2010
For the fourth time in a year, the Federal Trade Commission (FTC) has extended the enforcement deadline for state-chartered credit unions and non-banking entities covered by the Identity Theft Red Flags Rule.

Just days before what had been a Nov. 1 deadline, the FTC - at the request of Congress - set a new date of June 1, 2010.

At issue: What types and sizes of entities should be exempt from the Red Flags rule?

On Oct. 30, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. Also in Oct., the House passed HR 3763, which would exempt from Red Flags compliance any healthcare, accounting or legal practice with 20 or fewer employees. The Senate's version of the bill has not been reviewed yet.

"We're in a holding pattern until the Senate bill is decided upon," says Naomi Lefkovitz, attorney in FTC's Division of Privacy and Identity Protection. The FTC is also waiting to see how the Senate will define "What is a creditor?" Legislators had requested the FTC delay enforcement until Congress could finalize legislation. "We'll go forward accordingly, and until we know who will be covered, we're in a holding pattern."

This is the fourth time the FTC has delayed enforcement of the Red Flags Rule. Originally, all affected entities - including automobile dealers, utility companies and healthcare providers -- were to show compliance with the Red Flags Rule by last Nov. 1, the same deadline as that met by banks and other financial institutions, including federal credit unions. But in late October of 2008, the FTC extended the deadline by six months for the roughly 11 million entities it oversees. This move was to give non-banking creditors and state-chartered credit unions additional time to develop and implement written identity theft prevention programs.

Prior to the May 1 deadline, the enforcement date again was extended to Aug. 1 to help entities that have not been regulated for compliance in this area before. In late July, the Aug. 1 deadline got pushed off to Nov. 1.

Also this year, the FTC launched a wide reaching education campaign for businesses to help them comply with the rules, including a dedicated website (www.ftc.gov/redflagsrule), and training events to numerous trade groups.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.