FTC Delays Enforcement of Red Flags Rule

30 April 2009 Publication
Authors: Chanley T. Howell

Legal News Alert: Privacy, Security & Information Management

The Federal Trade Commission (FTC) announced on April 30, 2009 that it would delay enforcement of the Red Flags Rule (Rule) until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. The FTC also said it would soon release a template-written program to help entities that have a low risk of identity theft — such as businesses that know their customers personally — comply with the Rule.

The original enforcement date for the Rule, November 1, 2008, was previously postponed to May 1, 2009. In its statement announcing the additional delay, the FTC acknowledged that there is an ongoing debate regarding whether Congress wrote the Red Flags provision in the Fair and Accurate Credit Transactions Act of 2003 (FACTA), the legislation authorizing the Rule, too broadly. The FTC indicated that delaying enforcement of the Rule will “give Congress time to consider the issue further.” The delay also will allow industries and associations more time to share guidance with their members, and provide low-risk entities an opportunity to use the template being prepared by the FTC in developing their programs.

FACTA directed the FTC and certain other regulatory agencies to promulgate rules requiring “creditors” and “financial institutions” that maintain covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The FTC has interpreted the definition of “creditor” broadly to include any entity that regularly permits customers to pay for goods or services after they are provided such as utilities, telecommunications companies, non-profit and government entities that defer payment for goods or services, and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. A number of health care trade associations have complained loudly to the FTC that Congress did not intend the rules to apply to providers, but so far the FTC has disagreed.

On April 2, 2009, the FTC launched a Web site with resources to help covered entities design and implement identity theft programs. The template being developed by the FTC will be posted on that Web site.

The delay of the Rule’s enforcement is good news for health care providers and other entities that have been hurrying to comply. The additional time will help creditors ensure they are compliant by the new August 1, 2009 enforcement date. The FTC’s announcement also provides some hope that Congress will narrow the reach of the Rule prior to that date.

 


Legal News Alert is part of our ongoing commitment to providing up-to-the-minute information about pressing concerns or industry issues affecting clients and colleagues. If you have any questions about this alert or would like to discuss this topic further, please contact your Foley attorney or any of the following individuals:

 

Michael Scarano
San Diego/Del Mar, California
858.847.6712
mscarano@foley.com

Lisa J. Acevedo
Chicago, Illinois
312.832.4381
lacevedo@foley.com

Jennifer G. Karron
Milwaukee, Wisconsin
414.297.5610
jkarron@foley.com

Chanley T. Howell
Jacksonville, Florida
904.359.8745
chowell@foley.com

Peter F. McLaughlin
Boston, Massachusetts
617.502.3265
pmclaughlin@foley.com

Jennifer L. Rathburn
Milwaukee, Wisconsin
414.297.5864
jrathburn@foley.com

Andrew B. Serwin
Chair, Privacy, Security & Information Management Practice
aserwin@foley.com
619.685.6428

Related Services

Insights

A Review of Recent Whistleblower Developments
19 July 2019
Legal News: Whistleblower Developments
Blockchain: A Tool With a Future in Healthcare
18 July 2019
Health Care Law Today
Do You Know What IMMEX Stands For?
16 July 2019
Dashboard Insights
Does The U.S. Need STRONGER Patents?
16 July 2019
PTAB Trial Insights
Review of 2020 Medicare Changes for Telehealth
11 December 2019
Member Call
2019 NDI Executive Exchange
14-15 November 2019
Chicago, IL
MAGI’s Clinical Research Conference
29 October 2019
Las Vegas, NV
Association for Corporate Counsel Annual Meeting 2019
27-30 October 2019
Phoenix, AZ