FTC Delays Enforcement of Red Flag Rule Requiring Identity Theft Prevention Programs
The Federal Trade Commission announced that it will suspend enforcement
of the new "Red Flags Rule" until May 1, 2009, to give creditors and
financial institutions additional time in which to develop and
implement written identity theft prevention programs.
The Federal Trade Commission announced that it will suspend enforcement of the new "Red Flags Rule" until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs.
The Red Flags Rule, summarized in the November issue of the Municipality, was developed pursuant to the Fair and Accurate Credit Transactions Act (FACTA) of 2003 and requires creditors with covered accounts to have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The deadline was November 1, 2008, but some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the Rule and indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACTA's definition of creditor or financial institution. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule's requirements too late to be able to come into compliance by November 1, 2008. The Commission announced that it would delay enforcement to enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
The Red Flags Rule, summarized in the November issue of the Municipality, was developed pursuant to the Fair and Accurate Credit Transactions Act (FACTA) of 2003 and requires creditors with covered accounts to have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The deadline was November 1, 2008, but some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the Rule and indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACTA's definition of creditor or financial institution. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule's requirements too late to be able to come into compliance by November 1, 2008. The Commission announced that it would delay enforcement to enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
Latest Press
NLC CitiesSpeak
- Final Municipal Tax Credit Regulations Present Opportunities for Clean Energy Projects
- Charging up The State and Local EV Workforce Collaborative
- Building Equitable Climate Resilience: Learnings from Policy and Systems Change Academy Convening
- Leadership, Partnerships, and Equity Maps help celebrate the Week of Young Child and Earth Month
- Securing Legacies: Strategies for Resolving Heirs’ Property Issues in Cities
- 6 Things for Local Leaders to Know About EPA’s New PFAS Drinking Water Regulations