The Federal Trade Commission (FTC) has delayed the compliance deadline for its Red Flag rules governing identity-theft prevention an additional seven months, to June 1, 2010. These rules require many businesses to prepare and implement written identity-theft prevention policies and programs to identify warning signs of actual or potential identity theft (i.e., “red flags”), detect red flags, prevent identity theft, and mitigate the consequences of identity theft.
Please note that the FTC’s postponement does not apply to the discrepancy rules already in effect governing users of consumer reports and card issuers. In addition, the FTC’s postponement does not delay enforcement by other federal agencies (including federal bank regulatory agencies and the National Credit Union Administration) for the institutions they oversee. If your business falls into any of these categories, please contact us regarding regulatory changes which have been in effect since November 2008.
Because of the unprecedented breadth of this rule and potentially high penalties, you should conduct a careful analysis to determine if and how the rule applies to your business. The FTC will base its calculation of the penalties on the number of your business’s customer accounts. For more information, see the Ulmer & Berne Client Alert of April 24, 2009 or feel free to contact one of the listed attorneys.
FULL TEXT/PRINTABLE VERSION