Skip to content
DWT logo
People Expertise Insights
About Locations Careers
Search
People
Expertise
Insights
About
Locations
Careers
Search
Advisories
Healthcare

FTC Delays Enforcement of Red Flag Rules to May 1, 2009

By  Rebecca L. Williams RN, JD and Brent R. Eller
10.23.08
Share
Print this page

The Federal Trade Commission (FTC) announced on Oct. 22, 2008, that it is delaying enforcement of the identity theft “Red Flag Rules” until May 1, 2009.  This six-month delay grants healthcare and telecommunications providers and other organizations that are subject to the FTC's jurisdiction additional time to establish and implement identity theft detection, prevention, and mitigation programs that comply with the requirements of the rules, which are found at 16 C.F.R. § 681.2.

As published, the Red Flag Rules required financial institutions and creditors to develop and implement a written identity theft prevention program by Nov. 1, 2008.  The FTC indicated that the decision to suspend enforcement of the Red Flag Rules until May of next year was based on reports that some entities had not been aware that their activities would cause them to be considered “creditors” or “financial institutions.” These entities informed the FTC that they did not have sufficient time to develop their identity theft prevention programs by the Nov. 1, 2008 compliance date.

The FTC stated that it believes that immediate enforcement of the Red Flag Rules “would be neither equitable for the covered entities nor beneficial to the public” and that delaying enforcement of the rules “will allow these entities to take the appropriate care and consideration when developing and implementing their programs.” (See the FTC's Enforcement Policy Statement and press release.)

The delay in enforcement of the Red Flag Rules only applies to financial institutions and creditors that are subject to administrative enforcement of the Fair Credit Reporting Act by the FTC. It does not affect other federal agencies' enforcement of the original Nov. 1, 2008, deadline for institutions subject to their oversight. The other agencies that have not extended their deadlines are the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration. Also, the delay does not apply to the other regulations promulgated with the Red Flag Rules that address the duties of users of consumer reports regarding “address discrepancies” or the duties of debit or credit card issuers regarding changes of address.

This extension provides an ideal opportunity for organizations to engage in a deliberate and careful process to develop and implement their identity theft prevention programs. As this is likely to be a lengthy process, we encourage our clients who are subject to the Red Flag Rules, including many telecommunications and healthcare providers, to begin or continue their Red Flag compliance efforts as soon as possible to meet the May 1, 2009, deadline. Please let us know if you have any questions or would like us to assist you in creating or administering an identity theft prevention program.

Previous advisory bulletins:

Additional information about the applicability and requirements of the Red Flag Rules may be found in previous advisory bulletins issued by Davis Wright Tremaine LLP:

“‘Red Flag' Identity Theft Programs,” John D. Seiver, July 2008

“Health Care Providers: Don't Miss the Red Flags,” Rebecca L. Williams and Brent R. Eller, August 2008

Davis Wright Tremaine would like to thank associate Megan Vogel for contributing to this advisory.

Related Articles

DWT logo
©1996-2022 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
NAVIGATE
Home People Expertise Insights
About Locations Careers Events Blogs
STAY CONNECTED

Subscribe to stay informed.

Subscribe
Employees
DWT Collaborate
EEO
Affiliations
Legal notices
Privacy policy
©1996-2022 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Prior results do not guarantee a similar outcome.
Close
Close

CAUTION - Before you proceed, please note: By clicking “accept” you agree that our review of the information contained in your e-mail and any attachments will not create an attorney-client relationship, and will not prevent any lawyer in our firm from representing a party in any matter where that information is relevant, even if you submitted the information in good faith to retain us.