11/4/2009
Norbert F. Kugele,
Nathan W. Steed
The Federal Trade Commission (FTC) has again delayed enforcement of its Identity Theft Rules—also known as the "Red Flag Rules." Businesses that are subject to these rules must develop and implement a program designed to detect identity theft and mitigate its harm. Under the FTC's interpretation, any business that allows a client to pay for products or services after the fact (for example, in response to an invoice, rather than at the time services or products are provided) is potentially subject to the rules. While the rules were to become enforceable on November 1, 2009, the FTC has announced that it will delay enforcement until June 1, 2010.
The delay is in response to a request from members of Congress that the FTC further delay enforcement. On October 20, 2009, the House of Representatives unanimously approved H.R. 3763, a bill designed to exempt certain smaller organizations, including health care, accounting, and legal practices with fewer than twenty employees, from the requirements of the Red Flag Rules. The bill is currently being considered by the Senate’s Committee on Banking, Housing, and Urban Affairs. The enforcement delay is to allow Congress time to finalize the pending legislation.
Note that this delay applies to the Red Flag Rules only. There are also new address discrepancy rules that apply to organizations that use consumer reports. These address discrepancy rules became enforceable on November 1, 2009.
If you have any questions about the Red Flag Rules or the address discrepancy rules, or if you need help updating policies and procedures, contact Norbert F. Kugele (by phone 616.752.2186, or by e-mail at ) or Nathan W. Steed (by phone at 616.752.2723, or by e-mail at ).
