As we previously reported here, the Federal Trade Commission (“FTC”) extended the compliance date for the Red Flag Rules from May 1, 2009 to August 1, 2009. According to the FTC, the Red Flag Rules are risk-based in recognition of the burden that the Red Flag Rules could impose upon an entity that has only a small risk of identity theft. The FTC makes clear that higher risk entities should have more elaborate identity theft programs, while low risk entities may have less complex programs. To assist low risk entities, the FTC has posted on its Red Flag website a “Do-It-Yourself” Red Flag program for entities that are at low risk for identify theft.

Click here for a copy of the template program, or visit the FTC website here.