FTC Extends Enforcement Date of Red Flags Rule

The Federal Trade Commission (the "FTC") announced that it has postponed enforcement of the Red Flags Rule¹ until November 1, 2009. This is the third enforcement extension by the FTC. The Red Flags Rule became effective January 1, 2008 and the mandatory enforcement date was originally November 1, 2008. The FTC suspended enforcement of the Rule until May 1, 2009 and subsequently suspended enforcement until August 1, 2009.²

The Red Flags Rule requires financial institutions and creditors to look for "red flags" that signal possible identity theft. The FTC announced that it has provided this additional extension since small businesses and entities with a low risk of identity theft remain uncertain of their obligations. The FTC intends to provide additional guidance to assist these companies. The FTC explained in a July 29th press release that these steps are consistent with the House Appropriations Committee's request that the FTC defer enforcement in conjunction with additional efforts to minimize the burden on health care providers and small businesses with a low risk of identity theft problems.

Please let us know if you have any questions or if we can help you in crafting a compliant Program.

---

¹ 72 Fed. Reg. 63717, 63771-63775 (Nov. 9, 2007) (codified at 16 C.F.R. Part 681).

² The enforcement delay does not apply to the address discrepancy and credit card issuer rules. These rules are not addressed in this Health Law Alert.