« Back The FTC Delays Enforcement of Identity Theft "Red Flag" Rules (Again!)

May 4, 2009

On April 30, 2009, the FTC announced that it is delaying enforcement of its Red Flag Rules (the “Rules”) regarding identity theft prevention.  The new effective date for enforcement of the rules will be August 1, 2009.  In addition, the FTC intends to release additional compliance guidance for entities subject to the Rules.  See the FTC press release here.

As we have explained in prior alerts, the Rules require certain businesses acting as “creditors” to develop and implement written identity theft prevention programs that identify, detect, and respond to patterns, practices, and activities that might indicate that identity theft has occurred  (i.e., the “Red flags” signaling identify theft).  In addition, the Rules require that an entity’s board of directors approve the identity theft prevention program and all employees receive training related to the program.  

The Rules apply to entities that expressly offer financing or deferred payment plans and to those that do not require full payment up front but rather bill patients after services are rendered.  Noncompliance with the Rules may result in civil monetary penalties and enforcement action by the FTC.

The latest reprieve gives companies subject to the Rules additional time to come into compliance.  If you have questions regarding whether the Rules apply to your organization and/or if you need assistance in designing and implementing an identify theft prevention program, please feel free to contact your regular attorney at Taft.
Bookmark and Share