Posted on June 1, 2010 by Brad Rostolsky

Red Flags Rule Enforcement Postponed Again

On May 28, 2010, just shy of the June 1st compliance deadline, the Federal Trade Commission announced that it would again be postponing enforcement of the Red Flags Identity Theft Prevention Rule through December 31, 2010. This delay comes at the request of Congress, which has been considering legislation (which has been referred to the Senate Committee on Banking, Housing, and Urban Affairs) that would affect the scope of entities covered by the Rule. The FTC "urges Congress to act quickly to pass legislation that will resolve any questions as to which entities are covered by the Rule and obviate the need for further enforcement delays." If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.
 

Tags: , , ,
Posted on November 2, 2009 by Brad Rostolsky

Another Postponement of FTC's Red Flags Rule

On October 30, 2009 the Federal Trade Commission (FTC) issued a News Release announcing that it is granting industries under the FTC's jurisdiction an additional 7 months (i.e., until June 1, 2010) to develop and implement their identity theft prevention programs as required under the FTC's Identify Theft Red Flags Rule. According to the FTC News Release, this additional extension has been provided at the request of members of Congress. In making this announcement, the FTC attempts to refocus the attention of creditors and financial institutions to the FTC's dedicated Red Flags Rule website, which contains various compliance guidance documents designed to assist affected industries with the development of Identity Theft Protection Programs. 

Also on October 30, 2009, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. The FTC's New Release acknowledges this ruling, and further cautions that the FTC's additional postponement of Red Flags Rule enforcement remains distinct from whatever timeline may be associated with the aforementioned court proceeding and any possible appeals.

The announcement of the additional extension is available at www.ftc.gov, and our prior posts on the Red Flags Rule are available here.

Tags: , , ,
Posted on July 29, 2009 by Brad Rostolsky

FTC Further Postpones Identity Theft Red Flags Rule

On July 29, 2009 the Federal Trade Commission (FTC) issued a News Release announcing that it is granting industries under the FTC's jurisdiction an additional 3 months to develop and implement their identity theft prevention programs as required under the FTC's Identify Theft Red Flags Rule. Additionally, the FTC staff will "redouble" its education efforts and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply.   By extending the enforcement date of the Rule until November 1, 2009, the FTC intends to give creditors and financial institutions more time to review the forthcoming guidance and to develop and implement written Identity Theft Prevention Programs. The announcement of the extension is also available at www.ftc.gov, and our prior posts on the Red Flags Rule are available here.

Tags: , , ,
Posted on May 1, 2009 by Lisa Baird

Identity Theft Red Flag Rule Further Postponed

This post was written by Carol Loepere.

On April 30, 2009 the Federal Trade Commission (FTC) issued a News Release announcing that it is granting industries under the FTC's jurisdiction an additional 3 months to develop and implement their identity theft prevention programs as required under the FTC's so-called Identify Theft Red Flag Rule. The FTC also stated that that some entities, particularly those that are small, non-traditional creditors, would benefit from the availability of a template Red Flags program in developing their programs. The Commission staff intends to publish such a template for low-risk entities shortly. The FTC said that the extension, coupled with the release of the template, should be sufficient to enable low-risk entities to prepare their programs without undue burden. The announcement of the extension is also available at www.ftc.gov.

Tags: , , ,
Posted on November 21, 2008 by Lisa Baird

Update on FTC's Identity Theft Red Flag Regulations: Address Discrepancy Rule and Identity Theft Prevention Rule as They Apply to Health Care Providers

This Client Alert, written by Debra L. Hutchings, Paul J. Bond and Carol C. Loepere, updates information received from the Federal Trade Commission (“FTC”) concerning application of its Address Discrepancy and Red Flag rules aimed at combating identity theft as they apply to health care providers and suppliers. As reported previously these rules, collectively known as the Red Flag Regulations, 16 C.F.R. § 681.1 et seq. (“Red Flag Regulations”), apply to users of consumer reports and “creditors,” which may include many participants in the health care industry.

Past posts on this subject describe the FTC's decision to delay enforcement of a portion of the regulations and our initial discussion of the implications of the FTC's Red Flag Regulations for health care providers.

Tags: , ,
Posted on October 22, 2008 by Lisa Baird

FTC Grants Six-Month Delay on Enforcement of the "Red Flag Rules"

This post was written by Carol C. Loepere.

Today, the Federal Trade Commission (FTC) issued a press release to announce that it will suspend enforcement of the new “Red Flag Rules” until May 1, 2009, to give "creditors" and financial institutions additional time in which to develop and implement written identity-theft prevention programs. Reed Smith has worked on behalf of the American Health Care Association (AHCA) to question the applicability of the rules to health care providers, and to request a delay in the effective date of the rule. For more on the possible application of the FTC's Red Flag Rules to health care providers, see our prior post

Tags: , , ,
Posted on September 22, 2008 by Lisa Baird

FTC's Identity Theft Red Flag Regulations: Implications for Health Care Providers

This post was written by Debra L. Hutchings, Paul J. Bond, and Carol C. Loepere.


In November 2007, the Federal Trade Commission (“FTC”) issued sweeping regulations aimed at deterring, detecting and preventing identity theft. Under these rules, known as the Red Flag Regulations, 16 C.F.R. § 681.1 et seq. and Final Rule (“Red Flag Regulations”), financial institutions and creditors of covered accounts must establish a program to detect, prevent and mitigate identity theft. While somewhat unclear and perhaps counterintuitive, the breadth of the Red Flag Regulations and the FTC’s current interpretation indicates that these rules apply to many participants in the health care industry. The rules become effective November 1, 2008.

The Red Flag Regulations have three parts, two of which pertain to the health care industry. The first part applies to anyone who uses “consumer reports” for employment, insurance or credit purposes. The second part places obligations on “creditors and financial institutions” to detect, prevent and mitigate identity theft in relation to accounts covered under the Red Flag Regulations. This Client Alert addresses each part in turn.

Tags: , , ,