The Federal Trade Commission (FTC) announced on October 22, 2008 that it will suspend enforcement of the new identity-theft "Red Flags Rule" from the rule's compliance deadline of November 1, 2008 until May 1, 2009 to give creditors and financial institutions additional time to develop and implement the required written identity-theft prevention programs.
The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the rule, financial institutions and creditors—including any business that accepts deferred payments for services—with covered accounts must have identity-theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, healthcare providers, and nonprofit and government.
During the course of outreach efforts, the FTC staff learned that some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the rule and learned of the rule's requirements too late to be able to come into compliance by November 1, 2008. The Commission says that its delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity-theft prevention programs as required by the rule.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
