FTC Extends Its Red Flags Rule Compliance Deadline to November 1, 2009

On Wednesday, July 29, 2009, the Federal Trade Commission (“FTC”) announced the third extension of its deadline for compliance with the Red Flags Rule (the “Rule”). The new deadline for compliance is November 1, 2009, a full year later than the initial deadline imposed by the FTC.

The Rule, a measure taken by the FTC to combat identity theft, requires those who meet the statutory definition of a “financial institution” or “creditor” and who have “covered accounts” to establish identity theft prevention programs. Because so many businesses requested guidance from the FTC on how to comply with the Rule, the House Appropriations Committee requested that the FTC delay its enforcement of the Rule, which was to begin on August 1, 2009, for a third time. During this extension, the FTC plans to provide more guidance related to which businesses are covered by the Rule and the steps those covered entities need to take in order to abide by the Rule’s requirements and objectives. Through this process, the FTC hopes to minimize the Rule’s burden on health care providers and small businesses.

Please note that this delayed enforcement date applies only to entities subject to FTC oversight. Entities that are subject to other federal agencies’ enforcement of the Rule must comply with the original November 1, 2008, deadline.

For more information on the Rule and its requirements, please see Locke Lord Bissell & Liddell’s July 14, 2009, Client Alert entitled “The Red Flags Waive for Thee!

Click here for the FTC’s press release on this latest deadline extension from August 1, 2009, to November 1, 2009.