Privacy and Information Security Law Blog

Tag Archives: Red Flags Rule

FTC Issues Interim Final Rule Amending Red Flags Rule “Creditor” Definition

Posted on December 4, 2012 by Hunton & Williams LLP

On November 30, 2012, the Federal Trade Commission announced the issuance of an interim final rule (“Interim Final Rule”) that makes the definition of “creditor” in the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule”) consistent with the definition contained in the Red Flag Program Clarification Act of 2010.

Tags: Consumer Protection, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Obama, Red Flags Rule

President Obama Signs Red Flag Program Clarification Act

Posted on December 20, 2010 by Hunton & Williams LLP

On December 18, 2010, President Obama signed into law the “Red Flag Program Clarification Act of 2010” (S.3987), which amends the Fair Credit Reporting Act with respect to the applicability of identity theft guidelines to creditors. The law limits the scope of the Federal Trade Commission’s Identity Theft Red Flags Rule (“Red Flags Rule”), which requires “creditors” and “financial institutions” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities that indicate possible identity theft.

Tags: Congress, Consumer Protection, Enforcement, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Legislation, Obama, Red Flags Rule, Social Security Number, U.S. Federal Law

Senate Passes Bill to Limit Red Flags Rule Scope

Posted on December 3, 2010 by Hunton & Williams LLP

The “Red Flag Program Clarification Act of 2010” (S. 3987) has passed the Senate. The legislation would limit the scope of the Red Flags Rule, which requires certain “creditors” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities that indicate possible identity theft. The new legislation would exclude from the definition of “creditor” certain entities that “[advance] funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.” As we previously reported, companion legislation has been introduced in the House of Representatives.

Tags: Congress, Consumer Protection, Enforcement, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Red Flags Rule, U.S. Federal Law

House Bill to Limit Scope of Red Flags Rule with Amended “Creditor” Definition

Posted on November 19, 2010 by Hunton & Williams LLP

On November 17, 2010, Representative John Adler (D-NJ) introduced the Red Flag Program Clarification Act of 2010 (H.R. 6420) to “amend the Fair Credit Reporting Act with respect to the applicability of identity theft guidelines to creditors.” The bipartisan bill seeks to limit the scope of the FTC’s Identity Theft Red Flags Rule, which requires “creditors” and “financial institutions” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities that indicate possible identity theft.

Tags: Congress, Consumer Protection, Enforcement, FCRA, Federal Trade Commission, Financial Privacy, Red Flags Rule, U.S. Federal Law

Health Care Providers Potentially Exempt from Red Flags Rule

Posted on June 17, 2010 by Hunton & Williams LLP

As reported in BNA’s Privacy Law Watch, the Federal Trade Commission intends to agree to temporarily exempt health care providers from the FTC’s Identity Theft Red Flags Rule. The Red Flags Rule implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act. In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The FTC previously has stated that health care providers could be deemed “creditors” under the Rule. The agreement will grant relief to health care providers until the resolution of litigation pending before the U.S. District Court for the District of Columbia, in which the American Medical Association and other health groups have asked the court to prevent the FTC from applying the rule to physicians. As we reported in our previous blog post, the FTC has delayed enforcement of the Red Flags Rule until December 31, 2010, to allow Congress to take action to clarify the Rule’s scope.

Tags: Consumer Protection, Enforcement, FACTA, FCRA, Federal Trade Commission, Health Privacy, Identity Theft, Red Flags Rule, U.S. Federal Law

FTC Further Extends Enforcement Deadline for Red Flags Rule

Posted on May 28, 2010 by Hunton & Williams LLP

On May 28, 2010, the FTC announced that it would again delay enforcement of the Identity Theft Red Flags Rule. This is the fifth time the Commission has announced an extension of the enforcement deadline, after most recently extending the deadline to June 1, 2010. The Red Flags Rule requires “creditors” and “financial institutions” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities – known as “red flags” – that could indicate identity theft. The enforcement date is now December 31, 2010, for creditors and financial institutions subject to FTC jurisdiction. The FTC stated that the delay had been requested by members of Congress who are currently considering a bill that would limit the rule’s scope. If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the FTC will begin enforcement as of that effective date.

Please refer to our previous post regarding other developments that may limit the Red Flags Rule’s application.

Tags: Congress, Enforcement, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Red Flags Rule, U.S. Federal Law

FTC Set to Appeal the Red Flags Rule Exemption for Attorneys and Law Firms

Posted on March 1, 2010 by Hunton & Williams LLP

On February 25, 2010, the Federal Trade Commission filed a notice that it is appealing the D.C. District Court’s December 28, 2009 judgment in favor of the American Bar Association in American Bar Association v. FTC. The District Court’s summary judgment held that the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule” or the “Rule”) does not apply to attorneys or law firms. The Rule implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act. In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The program must be designed to detect, prevent and mitigate the risk of identity theft. Prior to the district court’s decision, the FTC had taken the position in publications and numerous panels that attorneys and law firms meet the Rule’s definition of “creditor” because they allow clients to pay for legal services after the services are rendered.

To read more about the Red Flags Rule, please see our previous blog posts.

View the FTC’s notice of appeal.

Tags: American Bar Association, Enforcement, FACTA, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Red Flags Rule, U.S. Federal Law

FTC Extends Enforcement Deadline for Red Flags Rule (Again)

Posted on October 30, 2009 by Hunton & Williams LLP

The FTC today announced that it would, for the fourth time, delay enforcement of the Identity Theft Red Flags Rule. The enforcement date is now June 1, 2010 for creditors and financial institutions subject to FTC jurisdiction. The agency stated that the delay was requested by members of Congress, who are currently considering a bill that would limit the rule’s scope. That bill (which would exclude certain entities with 20 or fewer employees from the rule’s definition of "creditor" and also would provide a mechanism for other entities to apply for that exclusion) recently passed the House by a margin of 400 to 0 and was referred to the Senate Committee on Banking, Housing and Urban Affairs. Please refer to our recent post regarding other developments that limit the rule’s application.

Tags: Congress, Enforcement, FCRA, Financial Privacy, Identity Theft, Information Security, Red Flags Rule

Court Finds that Lawyers Are Not Subject to the FTC’s Identity Theft Red Flags Rule

Posted on October 29, 2009 by Hunton & Williams LLP

It is being reported that the U.S. District Court for the District of Columbia agreed this morning with the American Bar Association’s argument that the FTC’s Identity Theft Red Flags Rule ("Red Flags Rule" or the "Rule") does not apply to lawyers. The Rule implements Section 114 and 315 of the Fair and Accurate Credit Transactions Act (the "FACT Act"). In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The program must be designed to detect, prevent, and mitigate the risk of identity theft. The FTC has interpreted the definition of "creditor" broadly. The Commission has taken the position in publications and numerous panels that lawyers and law firms meet the definition of creditor because they allow clients to pay for legal services after the services are rendered. For law firms (as well as for other entities that the FTC deems subject to its enforcement jurisdiction), November 1, 2009 is the deadline for compliance with the provisions of the Rule that require implementation of an identity theft prevention program.

Tags: American Bar Association, Congress, District of Columbia, Enforcement, FACTA, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Information Security, Red Flags Rule, U.S. Federal Law

As Red Flags Deadline Looms, Attempts to Limit Scope Advance

Posted on October 22, 2009 by Hunton & Williams LLP

The November 1st deadline for compliance with the FTC’s Red Flags Rule Identity Theft Prevention Program requirements is rapidly approaching. Of late, there has been a flurry of activity aimed at limiting the scope of the rule. The Red Flags Rule, which was jointly promulgated by several federal agencies in November 2007, requires all “creditors” that offer or maintain a “covered account” to implement a written identity theft prevention program. A “creditor” is defined broadly to include “any person who regularly extends, renews, or continues credit.” In March 2009, the Federal Trade Commission (“FTC”) published a how-to guide for businesses to comply with the Red Flags Rule that confirmed the FTC will broadly construe the rule, stating that the definition of a “creditor” includes all businesses that “provide goods or services and bill customers later.”

Tags: American Bar Association, Enforcement, FCRA, Federal Trade Commission, Identity Theft, Red Flags Rule, U.S. Federal Law

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

Tag Archives: Red Flags Rule

FTC Issues Interim Final Rule Amending Red Flags Rule “Creditor” Definition

Senate Passes Bill to Limit Red Flags Rule Scope

House Bill to Limit Scope of Red Flags Rule with Amended “Creditor” Definition

Health Care Providers Potentially Exempt from Red Flags Rule

FTC Further Extends Enforcement Deadline for Red Flags Rule

FTC Set to Appeal the Red Flags Rule Exemption for Attorneys and Law Firms

FTC Extends Enforcement Deadline for Red Flags Rule (Again)

Court Finds that Lawyers Are Not Subject to the FTC’s Identity Theft Red Flags Rule

As Red Flags Deadline Looms, Attempts to Limit Scope Advance

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Stay Connected

Privacy News