By Robert Hudock, on May 1st, 2009
Print This Post
The FTC announced today that the enforcement date for the Red Flag Rules is being extended until August 1, 2009 (instead of May 1, 2009). The press release is at http://www.ftc.gov/opa/2009/04/redflagsrule.shtm.
The FTC April 30th, 2009 press release provides that:
The Federal Trade Commission will delay enforcement of the new “Red Flags Rule” until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. For entities that have a low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the law.
This is the second time the FTC has extended the deadline for compliance. On October 22, 2008, the FTC announced that it was extending the deadline to comply with the Red Flag Rules to May 1, 2009 due to confusion over which industries and entities are subject to the Red Flag Rules.
With the second extension the FTC has not changed the rules themselves, but are merely suspending enforcement of these rules for three more months from the previously extended compliance date of May 1, 2009. This compliance extension gives hospitals and providers some breathing room, however, it is still critical for each entity and provider to move forward with its analysis of whether it meets the definition of a creditor with covered accounts in order to determine whether it must adopt a written identity theft prevention program by August 1, 2009.
The FTC also noted that new materials to assist entities to comply with the Red Flag Rules will be forthcoming–
During outreach efforts last year, the FTC staff learned that some industries and entities within the agency’s jurisdiction were uncertain about their coverage under the Red Flags Rule. During this time, FTC staff developed and published materials to help explain what types of entities are covered, and how they might develop their identity theft prevention programs. Among these materials were an alert on the Rule’s requirements, www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm, and a Web site with more resources to help covered entities design and implement identity theft prevention programs, www.ftc.gov/redflagsrule.
The yet to be releease compliance template will be available at http://www.ftc.gov/redflagsrule.
FTC Grants “Three-Month Delay of Enforcement of ‘Red Flags Rule’ Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs”
The FTC April 30th, 2009 press release provides that:
This is the second time the FTC has extended the deadline for compliance. On October 22, 2008, the FTC announced that it was extending the deadline to comply with the Red Flag Rules to May 1, 2009 due to confusion over which industries and entities are subject to the Red Flag Rules.
With the second extension the FTC has not changed the rules themselves, but are merely suspending enforcement of these rules for three more months from the previously extended compliance date of May 1, 2009. This compliance extension gives hospitals and providers some breathing room, however, it is still critical for each entity and provider to move forward with its analysis of whether it meets the definition of a creditor with covered accounts in order to determine whether it must adopt a written identity theft prevention program by August 1, 2009.
The FTC also noted that new materials to assist entities to comply with the Red Flag Rules will be forthcoming–
The yet to be releease compliance template will be available at http://www.ftc.gov/redflagsrule.