The Red Flags Rule is a fraud prevention measure that requires certain businesses to create and follow written procedures to identify, detect, and respond to warning signs (i.e. “red flags”) of identity theft. The Federal Trade Commission has delayed the rule several times, most recently in a press release on May 28, 2010. The press release also identified some potential changes in the scope of the rule as well as the types of businesses to which it would apply.
The fifth and most recent extension delays enforcement until December 31, 2010. This last extension was issued at the request of Congress, which is in the process of considering federal legislation that will clarify and limit the businesses to which the rule may apply. A proposed bill (H.R. 3763), which is currently being considered by the Senate after its passage in the House of Representatives, would automatically exclude legal, accounting and medical practices with 20 or fewer employees and allow any other business to apply for an exclusion if it can show (1) it knows all of its customers personally, (2) it does all of its business in or around the residences of its customers, or (3) it has not had any incidents of identity theft and identity theft is rare in that type of business. If Congress passes such legislation with an effective date earlier than December 31, 2010, the FTC will begin enforcement at that time.
The FTC’s press release notes that the delayed enforcement only applies to businesses under its jurisdiction and not those who are under the jurisdiction of other federal regulatory agencies (such as banks, federally chartered credit unions, and savings and loans).
For further information regarding these matters, please contact Mr. Nixon at 248.619.2585 or via email.