FTC Delays Enforcement of Red Flag Rule Requiring Identity Theft Prevention Programs
The Federal Trade Commission announced that it will suspend enforcement
of the new "Red Flags Rule" until May 1, 2009, to give creditors and
financial institutions additional time in which to develop and
implement written identity theft prevention programs.
The Federal Trade Commission announced that it will suspend enforcement of the new "Red Flags Rule" until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs.
The Red Flags Rule, summarized in the November issue of the Municipality, was developed pursuant to the Fair and Accurate Credit Transactions Act (FACTA) of 2003 and requires creditors with covered accounts to have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The deadline was November 1, 2008, but some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the Rule and indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACTA's definition of creditor or financial institution. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule's requirements too late to be able to come into compliance by November 1, 2008. The Commission announced that it would delay enforcement to enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
The Red Flags Rule, summarized in the November issue of the Municipality, was developed pursuant to the Fair and Accurate Credit Transactions Act (FACTA) of 2003 and requires creditors with covered accounts to have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The deadline was November 1, 2008, but some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the Rule and indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACTA's definition of creditor or financial institution. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule's requirements too late to be able to come into compliance by November 1, 2008. The Commission announced that it would delay enforcement to enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
Latest Press
NLC CitiesSpeak
- What’s Local Government’s Role in Community Well-being?
- What Does “Systems Change” Actually Mean?
- Communicating Clearly About Community Health
- How to Talk About Health Equity as a City Leader
- Supreme Court Issues Employment Discrimination Opinion with Direct Municipal Implications
- Southern Cities Strive to Ensure Second Chances