FTC Extends Red Flags Deadline - Again - to June 1, 2010

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

For the fourth time in a year, the Federal Trade Commission (FTC) has extended the enforcement deadline for state-chartered credit unions and non-banking entities covered by the Identity Theft Red Flags Rule.

Just days before what had been a Nov. 1 deadline, the FTC - at the request of Congress - set a new date of June 1, 2010.

At issue: What types and sizes of entities should be exempt from the Red Flags rule?

On Oct. 30, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. Also in Oct., the House passed HR 3763, which would exempt from Red Flags compliance any healthcare, accounting or legal practice with 20 or fewer employees. The Senate's version of the bill has not been reviewed yet.

"We're in a holding pattern until the Senate bill is decided upon," says Naomi Lefkovitz, attorney in FTC's Division of Privacy and Identity Protection. The FTC is also waiting to see how the Senate will define "What is a creditor?" Legislators had requested the FTC delay enforcement until Congress could finalize legislation. "We'll go forward accordingly, and until we know who will be covered, we're in a holding pattern."

This is the fourth time the FTC has delayed enforcement of the Red Flags Rule. Originally, all affected entities - including automobile dealers, utility companies and healthcare providers -- were to show compliance with the Red Flags Rule by last Nov. 1, the same deadline as that met by banks and other financial institutions, including federal credit unions. But in late October of 2008, the FTC extended the deadline by six months for the roughly 11 million entities it oversees. This move was to give non-banking creditors and state-chartered credit unions additional time to develop and implement written identity theft prevention programs.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Healthcare Enews General Healthcare Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

Prior to the May 1 deadline, the enforcement date again was extended to Aug. 1 to help entities that have not been regulated for compliance in this area before. In late July, the Aug. 1 deadline got pushed off to Nov. 1.

Also this year, the FTC launched a wide reaching education campaign for businesses to help them comply with the rules, including a dedicated website (www.ftc.gov/redflagsrule), and training events to numerous trade groups.