FACTA : Privacy & Information Security Law Blog

Home > FACTA >

Health Care Providers Potentially Exempt from Red Flags Rule

Posted on June 17, 2010 by Hunton & Williams LLP

As reported in BNA’s Privacy Law Watch, the Federal Trade Commission intends to agree to temporarily exempt health care providers from the FTC’s Identity Theft Red Flags Rule. The Red Flags Rule implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act. In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The FTC previously has stated that health care providers could be deemed “creditors” under the Rule. The agreement will grant relief to health care providers until the resolution of litigation pending before the U.S. District Court for the District of Columbia, in which the American Medical Association and other health groups have asked the court to prevent the FTC from applying the rule to physicians. As we reported in our previous blog post, the FTC has delayed enforcement of the Red Flags Rule until December 31, 2010, to allow Congress to take action to clarify the Rule’s scope.

Tags: Consumer Protection, Enforcement, FACTA, FCRA, Federal Trade Commission, Health Privacy, Identity Theft, red flags rule

FTC Set to Appeal the Red Flags Rule Exemption for Attorneys and Law Firms

Posted on March 1, 2010 by Hunton & Williams LLP

On February 25, 2010, the Federal Trade Commission filed a notice that it is appealing the D.C. District Court’s December 28, 2009 judgment in favor of the American Bar Association in American Bar Association v. FTC. The District Court’s summary judgment held that the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule” or the “Rule”) does not apply to attorneys or law firms. The Rule implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act. In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The program must be designed to detect, prevent and mitigate the risk of identity theft. Prior to the district court’s decision, the FTC had taken the position in publications and numerous panels that attorneys and law firms meet the Rule’s definition of “creditor” because they allow clients to pay for legal services after the services are rendered.

To read more about the Red Flags Rule, please see our previous blog posts.

View the FTC’s notice of appeal.

Tags: American Bar Association, Enforcement, FACTA, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, red flags rule

Court Finds That Lawyers Are Not Subject to the FTC's Identity Theft Red Flags Rule

Posted on October 29, 2009 by Hunton & Williams LLP

It is being reported that the U.S. District Court for the District of Columbia agreed this morning with the American Bar Association's argument that the FTC's Identity Theft Red Flags Rule ("Red Flags Rule" or the "Rule") does not apply to lawyers. The Rule implements Section 114 and 315 of the Fair and Accurate Credit Transactions Act (the "FACT Act"). In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program. The program must be designed to detect, prevent, and mitigate the risk of identity theft. The FTC has interpreted the definition of "creditor" broadly. The Commission has taken the position in publications and numerous panels that lawyers and law firms meet the definition of creditor because they allow clients to pay for legal services after the services are rendered. For law firms (as well as for other entities that the FTC deems subject to its enforcement jurisdiction), November 1, 2009 is the deadline for compliance with the provisions of the Rule that require implementation of an identity theft prevention program.

In reaching the decision, Judge Reggie Walton is reported to have stated that he was reluctant to conclude that Congress intended to regulate lawyers when it enacted the FACT Act, which the Red Flags Rule implements. The court also questioned the FTC's broad interpretation of the term "creditor." Judge Walton is reported to have questioned whether the term could be interpreted so broadly as to render a plumber who bills a customer after performing his work a "creditor" within the meaning of the Rule. Notably, the Judge's comment may leave the door open for other challenges to the Rule by myriad small businesses whom the FTC considers "creditors" subject to the Rule.

It is reported that the court granted an injunction against the enforcement of the Rule and a declaratory judgment finding that lawyers are not subject to the Rule. The FTC is expected to appeal the decision.

Tags: American Bar Association, Congress, District of Columbia, Enforcement, FACTA, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Information Security, Legal, red flags rule

FTC Extends Red Flags Compliance Deadline to November 1

Posted on July 30, 2009 by Hunton & Williams LLP

On July 29, 2009, the Federal Trade Commission ("FTC") announced another three-month delay in the enforcement of the provision of Identity Theft Red Flags and Address Discrepancies Rule (the "Rule") that requires creditors and financial institutions to implement an Identity Theft Prevention Program. The FTC noted that small businesses and entities with a low risk of identity theft remain uncertain about their obligations under the Rule and pledged to "redouble" its efforts to educate businesses about compliance with the Rule. The new enforcement deadline for creditors and financial institutions is November 1, 2009. The FTC news release is available here.

Tags: Compliance, Enforcement, FACTA, FCRA, Federal Trade Commission, Financial Privacy, Identity Theft, Information Security, red flags rule

Agencies Issue Final Rules on Credit Report Accuracy under FACTA

Posted on July 16, 2009 by Hunton & Williams LLP

The Federal Trade Commission (“FTC”) recently issued new rules and guidelines to promote the accuracy of consumer information included in credit reports. The final rules and guidelines were issued in conjunction with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency and the Office of Thrift Supervision (the “Agencies”) pursuant to Section 312 of the Fair and Accurate Transactions Act of 2003 (“FACTA”). The Agencies’ release regarding the new rules, entitled “Procedures to Enhance the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies Under Section 312 of the Fair and Accurate Credit Transactions Act” and “Guidelines for Furnishers of Information to Consumer Reporting Agencies,” was issued on July 1, 2009. The final rules and guidelines will take effect on July 1, 2010.

The final rules and guidelines include provisions allowing consumers to dispute inaccuracies in their credit files directly with entities that furnish information to credit reporting agencies, including financial institutions and other organizations. The Agencies’ guidelines specify the steps credit information furnishers should take to ensure the accuracy and integrity of the information they provide to credit reporting agencies, including suggestions such as when it may be necessary to provide supplemental information in order to avoid creating misleading impressions about creditworthiness. The accuracy and integrity of information contained in credit reports is critical to individual consumers, as this information is used to assess eligibility for credit, employment, insurance and housing, and consumers with errors in their credit reports may be denied access to benefits.

A copy of the final rules and guidelines is available here.

Tags: Consumer Protection, FACTA, FCRA, Federal Trade Commission, Financial Privacy

Obama Proposes New Agency to Regulate Consumer Financial Privacy

Posted on July 2, 2009 by Hunton & Williams LLP

On June 30, 2009, the Obama Administration sent legislation to Congress that would create a new Consumer Financial Protection Agency ("CFPA"). Working with state regulators, the new agency would assume authority for the privacy provisions of the Gramm-Leach-Bliley Act, and would have the power to write rules and impose penalties pursuant to a variety of existing statutes, including the Fair Credit Reporting Act and the Fair and Accurate Credit Transactions Act. To date, these powers have been shared among all financial services regulators, including the Federal Trade Commission ("FTC"). Under the proposal, the FTC would retain primary responsibility for preventing fraud and encouraging security in the financial markets.

While some regulatory authority for financial products and services protections would flow from the FTC to the CFPA, the FTC would have increased powers to issue rules related to unfair and deceptive practices, and an enhanced ability to issue civil monetary penalties. The proposal also includes expanded FTC authority over the banking sector with respect to data security. While the legislation proposes transferring staff from certain financial services regulators, there would be no transfer of staff from the FTC. Accordingly, the FTC may have more resources to pursue other consumer protection issues, including privacy in non-financial markets.

The Administration's full report on its financial reform plan can be viewed here.

Tags: Congress, Consumer Protection, Enforcement, FACTA, FCRA, Federal Trade Commission, Financial Privacy, Gramm Leach Bliley Act, Obama

FTC Delays Enforcement of the Red Flags Rule until August 1, 2009

Posted on May 1, 2009 by Hunton & Williams LLP

At the eleventh hour, the Federal Trade Commission announced that it will once again delay enforcement of the Red Flags Rule. The Red Flags Rule was promulgated pursuant to the Fair and Accurate Credit Transactions Act of 2003 ("FACTA"). The previous compliance date was May 1, 2009, which was an extension from the original deadline of November 1, 2008. The new extension applies only to the provisions of the Rule requiring financial institutions and creditors to implement an identity theft prevention program. The continuing enforcement delays respond to ongoing uncertainty about the Rule's intended scope. In announcing this latest delay, the FTC cited "the ongoing debate about whether Congress wrote this provision [of FACTA] too broadly" and stated that extending the compliance deadline would "allow industries and associations to share guidance with their members . . . and give Congress time to consider the issue further." On March 20, 2009, the FTC published the Red Flags Rule Compliance Guide to assist organizations that must comply with the Red Flags Rule. The FTC stated in its news release yesterday that it will attempt to address some of the concerns regarding compliance with the Rule by publishing an identity theft prevention program template for low risk entities. The FTC's news release is available here.

Tags: Compliance, FACTA, FCRA, Federal Trade Commission, Identity Theft, Information Security, red flags rule

This website is for general information purposes only. Information posted is not intended to be legal advice. For more information, please see the Disclaimer and Privacy Notice links.

Computerworld magazine has named Hunton & Williams the top firm for privacy for the third year in a row based on a survey of more than 2,000 corporate privacy professionals.More...

Topics

Behavioral Advertising
Centre for Information Policy Leadership
Enforcement
European Union
Events
FCRA
Financial Privacy
General
Health Privacy
Identity Theft
Information Security
International
Marketing
Online Privacy
Security Breach
State Law
Workplace Privacy

Archives

Recent Updates

Links

Financial Industry News

Companies cry foul over privacy reforms SOME of Australia's largest companies fear a big increase in compliance costs from proposed reforms to the country's privacy laws. Companies including Coles Supermarkets, National Australia Bank, Telstra and Westpac say the proposals must be...
August 29, 2010 12:51 PM
Age of information liability coming to Taiwan 12:15 am TWN, By Benjamin Chiang On April 27, Taiwan's Legislative Yuan passed revisions to the Personal Data Protection Act in its third reading. Consisting of 56 articles, the Act is expected to be formally enforced in the first half of next year. For...
August 29, 2010 7:36 PM
Belfast Telegraph: Explosives expert sparks courtroom security alert An American expert in explosives chemistry caused a "rapid reaction" in a court room where Prime Minister David Cameron's brother was sitting by taking vials of chemicals from her handbag, an inquest was told yesterday.Lawyer Alex Cameron QC was sitting yards away when the woman, who cannot be identified for legal reasons, produced the containers during an inquest at Southend Crown Court in Essex into the death of Ministry of Defence scientist Terry Jupp.Coroner Peter Dean said her actions...
August 29, 2010 2:35 PM
RIMM Wins Reprieve From India; Offers Proposal On Security News, analysis and insights from Barron's Silicon Valley bureau.Research In Motion(RIMM) has averted a shutdown of its BlackBerry service in India, at least for now.The company has offered proposals to the country's government that are intended to...
August 30, 2010 5:59 AM
Hair drug tests for parents 'aid child protection' TESTING the hair of parents for drug and alcohol misuse could protect children in Scotland, according to a company that is lobbying ministers, MSPs and drugs agencies.Cardiff-based Concateno carried out more than 10,000 such tests on behalf of law firms, courts and social work departments in England and Wales in 2009, but only 29 in Scotland.It has now launched an "awareness campaign" to boost knowledge of its services among policy makers and interest groups involved in child protection...
August 29, 2010 6:00 PM
Private Islam, public protection Around discussions of perhaps no other topic have the proper roles of public governance and private behavior been more convoluted.If youve ever taken a literature or cinema class, you probably heard the professor or parroting students say something like,...
August 29, 2010 11:54 AM
Tech universe: Monday 30 August By Miraz Jordan A round-up of the latest technology news from around the globe. The US military has banned thumb drives. Photo / Thinkstock BAD USB: In 2008 the US military suffered its biggest data breach ever. A spy introduced malware from a thumb...
August 29, 2010 3:25 PM
The Times of India: After BlackBerry, govt turns heat on internet biggies NEW DELHI: As it talks tough with Research in Motion (RIM) - the makers of BlackBerry - to provide access to the encrypted data flowing through its network, the government is contemplating measures to ban internet companies like Google, Skype and Yahoo if they don't up their servers in India and give access to intelligence agencies.Recently, agencies had problems retrieving data from servers of some of these internet companies located abroad while tracking mails of terror suspects and,...
August 29, 2010 1:50 PM
Nokia Setting Up Enterprise Mail Servers in India Nokia will set up servers in India by November for its push e-mail service in the country to comply with government regulations, the company said Monday. The announcement by Nokia comes a day before an Indian government deadline to Research In Motion to...
August 30, 2010 5:50 AM
Feds' approval of voter verification program could impact future elections WASHINGTON -- With the U.S. Department of Justice's approval, Georgia now has one of the toughest voter verification and ID systems in the country.Last week, the Justice Department abruptly ended years of legal fights with the state and gave its approval...
August 29, 2010 8:02 AM

Privacy & Information Security Law Blog

Unless otherwise noted, attorneys not certified by the Texas Board of Legal Specialization.

The Hunton & Williams law firm's Privacy and Information Management practice includes attorneys who provide services related to privacy law and information security. Our lawyers practice in all areas of privacy and information security, including: state and federal privacy law compliance; EU data protection compliance, including global data transfer mechanisms such as the U.S. Safe Harbor program and model clauses; HIPAA compliance, including the Privacy Rule and Safeguards Rule; GLBA compliance, including the Privacy Rule and Safeguards Rule; FCRA compliance, including disclosure of consumer reports, Affiliate Marketing Rule compliance, and Red Flags Rule compliance; e-commerce issues such as CAN-SPAM, TCPA, mobile marketing, other direct marketing and behavioral advertising; response to and preparation for information security breaches, including breach notification; workplace privacy, such as employee monitoring; identity theft; records management, records retention, and records disposal; online privacy such as COPPA compliance and website privacy notices; e-discovery; and FTC or other government enforcement actions.

Atlanta, Austin, Bangkok, Beijing, Brussels, Charlotte, Dallas, Houston, London, Los Angeles, McLean, Miami, New York, Norfolk, Raleigh, Richmond, San Francisco, Washington - www.hunton.com

LexBlog Lawyer Blogs and Law Firm Blog Design

Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security

Published By
Hunton & Williams

Global privacy and information security law updates and analysis