At the end of July, the Federal Trade Commission (FTC) put out a press release announcing that they would be extending the enforcement of the "Red Flags" Rule by another three months. This extension was granted based upon continued confusion from businesses about this new rule, particularly small businesses and entities.
The Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply.
The "Red Flags" Rule, which went into effect on January 1, 2008, requires many businesses and organizations ("creditors" and "financial institutions") to implement a written Identity Theft Prevention Program. This program should detect early warning signs (red flags) of identity theft, take steps to prevent the crime, and mitigate damage that could be caused by it. The Red Flags Rule applies to "financial institutions" and "creditors," though those terms apply more broadly than in typical use.
Check out the FTC site to determine if the Red Flags Rule applies to your organization, to get practical tips on spotting identity theft, and to learn how to put your ID Theft Prevention program into place. Based on this revised effort, the FTC will begin enforcement of the "Red Flags" rule on November 1, 2009.
Hat tip to Hunton & Williams