The Federal Trade Commission ("FTC") announced on July 29, 2009, that the agency would once again delay enforcement of the "Red Flags Rule"—this time until November 1, 2009. The red flag rules and guidelines require financial institutions and creditors to formulate and implement identity-theft prevention programs. In a recent enforcement policy statement, the FTC explained that the new rules applied to a wide range of industries and entities, many of which were unaware until very recently that they would be considered a "financial institution" or "creditor" for the purposes of the rules. Many of these businesses were generally not required to comply with FTC rules in other contexts and had not been aware of the red flag rules.

For more information, please see our previous Alerts on the topic by clicking on the links below:

"Red Flag" Identity Theft Rules Apply to Unsuspecting Businesses; FTC Extends Compliance Deadline Again

"Red Flag" Rules May Snare Unsuspecting Businesses

Feds Force Businesses to Implement Identity Theft Prevention Measures by Fall 2008