In a previous Business Services Alert, we summarized the "Red Flag Rules" that were promulgated pursuant to the Fair Credit Reporting Act ("FCRA") to help combat identity theft. In the Alert, we outlined what kinds of businesses were subject to the Red Flag Rules and the procedures that needed to be taken to come into compliance with the Red Flag Rules. We also informed you that the original date for coming into compliance with the Red Flag Rules was November 1, 2008 but that for entities subject to the jurisdiction of the Federal Trade Commission, the compliance enforcement date was delayed until May 1, 2009. A copy of the previous Alert may be accessed on the Dykema Gossett PLLC website at the following address: http://www.dykema.com/consumer/news/consumeralert1008.pdf.
On April 30, 2009, the day before the scheduled May 1, 2009 enforcement date, the FTC announced that it would delay enforcement of the Red Flag Rules for three months until August 1, 2009. FTC Chairman Jon Leibowitz noted that there was an ongoing debate "about whether Congress wrote this provision too broadly" and that delaying enforcement of the Red Flags Rule would allow Congress time to consider the issue further. Leibowitz also pointed out that the delay will allow industries and associations time to share guidance with their members and provide such businesses time to develop their compliance programs. A copy of the FTC News Release may be accessed at http://www.ftc.gov/opa/2009/04/redflagsrule.shtm.