The FTC recently announced that it would push back the compliance date for its recent “red flag” rules from November 1, 2008 to May 1, 2009. The “red flag” rules and guidelines require financial institutions and creditors to formulate and implement identity theft prevention programs. In a recent enforcement policy statement, the FTC explained that the new rules applied to a wide range of industries and entities, many of which were not aware until very recently that they would be considered a “financial institution” or “creditor” for purposes of the rules. Many of these businesses were generally not required to comply with FTC rules in other contexts and had not been aware of the red flag rules. Additional rules that were published at the same time as the red flag rules apply specifically to credit and debit card issuers and to certain users of consumer reports and still require compliance by November 1, 2008.
For more information, please see our previous Alerts on the topic by clicking on the links below.