FTC Extends Enforcement Date of Red Flags Rule

Client Alert | 1 min read | 08.03.09

The Federal Trade Commission (the "FTC") announced that it has postponed enforcement of the Red Flags Rule¹ until November 1, 2009. This is the third enforcement extension by the FTC. The Red Flags Rule became effective January 1, 2008 and the mandatory enforcement date was originally November 1, 2008. The FTC suspended enforcement of the Rule until May 1, 2009 and subsequently suspended enforcement until August 1, 2009.²

The Red Flags Rule requires financial institutions and creditors to look for "red flags" that signal possible identity theft. The FTC announced that it has provided this additional extension since small businesses and entities with a low risk of identity theft remain uncertain of their obligations. The FTC intends to provide additional guidance to assist these companies. The FTC explained in a July 29th press release that these steps are consistent with the House Appropriations Committee's request that the FTC defer enforcement in conjunction with additional efforts to minimize the burden on health care providers and small businesses with a low risk of identity theft problems.

Please let us know if you have any questions or if we can help you in crafting a compliant Program.

¹ 72 Fed. Reg. 63717, 63771-63775 (Nov. 9, 2007) (codified at 16 C.F.R. Part 681).

² The enforcement delay does not apply to the address discrepancy and credit card issuer rules. These rules are not addressed in this Health Law Alert.

Insights

Client Alert | 2 min read | 05.14.26

Proposed DFARS Rule Could Require Disclosures and Mitigation Related to Foreign Ownership, Control, and Influence (FOCI) on Certain Unclassified Contracts

On May 7, 2026, the Department of War issued the long-awaited Proposed Rule to implement Section 847 of the FY 2020 National Defense Authorization Act (NDAA) regarding Foreign Ownership, Control or Influence (FOCI) requirements for contractors. The proposed rule would expand the applicability of FOCI reviews, requiring contractors and subcontractors on unclassified “covered contracts” — defense contracts and subcontracts valued in excess of $5 million that are not for commercial products and services — to submit FOCI disclosures to the Defense Counterintelligence and Security Agency (DCSA) for FOCI risk assessment (and as applicable, mitigation) as part of contract award. This would effectively require DCSA assessment and adjudication of FOCI considerations prior to contract award. Thus, both cleared and uncleared defense contractors would be subject to the rigorous DCSA disclosure requirements, scrutiny, and FOCI mitigation. Crowell discussed the Section 847 requirements in a prior alert....

Client Alert | 4 min read | 05.14.26
Supply Chain Disruption – Again
Client Alert | 6 min read | 05.12.26
EU Pharma Package: Advertising Compromise Proposal
Client Alert | 5 min read | 05.12.26
NYDFS Ramps Up Health Care Cybersecurity Enforcement With $2.25 Million Settlement

View All Insights