On May 28, 2010, the FTC announced that it would again delay enforcement of the Identity Theft Red Flags Rule. This is the fifth time the Commission has announced an extension of the enforcement deadline, after most recently extending the deadline to June 1, 2010. The Red Flags Rule requires “creditors” and “financial institutions” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities – known as “red flags” – that could indicate identity theft. The enforcement date is now December 31, 2010, for creditors and financial institutions subject to FTC jurisdiction. The FTC stated that the delay had been requested by members of Congress who are currently considering a bill that would limit the rule’s scope. If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the FTC will begin enforcement as of that effective date.
Please refer to our previous post regarding other developments that may limit the Red Flags Rule’s application.