The FTC has delayed yet again the enforcement of the Red Flags rules to November 1, 2009. The new effective date is August 1, 2009. This follows initial delayed enforcement dates of May 1 and then August 1, 2009.

In a previous Alert, we summarized the "Red Flags Rule" that was promulgated pursuant to the Fair Credit Reporting Act ("FCRA") to help combat identity theft. In the Alert, we outlined what kinds of businesses were subject to the Red Flags Rule and the procedures that needed to be taken to come into compliance with the Red Flags Rule. We also informed you that the original date for coming into compliance with the Red Flags Rule was November 1, 2008 but that for entities subject to the jurisdiction of the Federal Trade Commission, the compliance enforcement date was delayed until May 1, 2009.

A copy of that Alert is attached.

Small business and so-called "low risk" entities have new reason to cheer. The FTC staff has indicated that it would be unlikely to recommend bringing an enforcement action if such entities know their customers or clients individually, or if they perform services in or around their customer's homes or they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.