The Federal Trade Commission (FTC), which works for consumers to prevent fraudulent, deceptive, and unfair business practices, has announced it will delay enforcement of the Red Flags Rule through the end of the year. The delay allows Congress to consider legislation that would affect the scope of entities covered by the compliance rule. This is the third time the rule has been delayed.
The Electronic Security Association (ESA) has been working with members of Congress to have the rule delayed to allow adequate time for its members to comply.
However, the FTC, which delayed implementation of the rules in last August and again in October, is urging Congress to pass the legislation that would resolve any questions as to which entities are covered by the rule to prevent the need for further enforcement delays.
The rule, which became effective Jan. 1, 2008, was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.
