Alerts and Updates

"Red Flag" Identity Theft Rules Apply to Unsuspecting Businesses; FTC Extends Compliance Deadline Again

May 1, 2009

The Federal Trade Commission announced on April 30, 2009, that the agency would once again delay enforcement of the "Red Flags Rule," this time from May 1 to August 1, 2009. The "red flag" rules and guidelines require financial institutions and creditors to formulate and implement identity theft prevention programs. In a recent enforcement policy statement, the FTC explained that the new rules applied to a wide range of industries and entities, many of which were not aware until very recently that they would be considered a "financial institution" or "creditor" for purposes of the rules. Many of these businesses were generally not required to comply with FTC rules in other contexts and had not been aware of the red flag rules. Additional rules that were published at the same time as the red flag rules apply specifically to credit and debit card issuers and to certain users of consumer reports and still required compliance by November 1, 2008.

For Further Information

Please see our previous Alerts on the topic:

"Red Flag" Rules May Snare Unsuspecting Businesses

Feds Force Businesses to Implement Identity Theft Prevention Measures by Fall 2008

If you have any questions regarding these regulations, including how they may affect your company, please contact a member of the Information Technologies and Telecom Practice Group or the lawyer in the firm with whom you are regularly in contact.

Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.