• Organizations Have More Time To Comply With Identity Theft Red Flag Rules
  • June 21, 2010 | Author: Kathryn L. Ossian
  • Law Firm: Miller, Canfield, Paddock and Stone, P.L.C. - Detroit Office
  • Does your organization have a program designed to prevent identity theft of the personal information of your customers and employees?  If not, the good news is that you now have more time to do so without running afoul of federal regulations.

    The "Red Flag Rules," promulgated under the Fair and Accurate Credit Transactions Act, require organizations to adopt a comprehensive program designed to identify, detect and respond to patterns, practices and activities that could indicate identity theft.  The rules, enacted back on January 1, 2008, apply to financial institutions and creditors -- anyone providing products or services in advance of receiving payment for those services.  The Federal Trade Commission has delayed enforcement several times with the most recent enforcement date being June 1, 2010. After pressure from Congress, the FTC has just announced that it will delay enforcement once again, this time until December 31, 2010.

    The Congressional pressure came, in part, due to court decisions that the Red Flag Rules should not apply to members of the American Bar Association and the American Medical Association.  The separate challenges raised by these associations prompted Congress to consider action that could limit the scope of the type of businesses subject to the rules and according to FTC Chairman Jon Leibowitz "fix the unintended consequences of the legislation."  Whether Congress can finalize that fix by the end of the year remains to be seen but, in the meantime, organizations have another reprieve and time to adopt a program that can help protect their customers and employees from the risk of identity theft.