FTC Delays Enforcement of Rules for Identity Theft Policies

The Federal Trade Commission (FTC) announced that it will delay enforcement of the “Red Flags Rule” until August 1, 2009, to “give creditors and financial institutions more time to develop and implement written identity theft prevention programs.” The Red Flags Rule affects any business that regularly extends credit or permits deferred payments for goods or services. Such businesses must implement programs to identify, detect, and respond to activities that may indicate identity theft. For more information on the Red Flags Rules, see Deadline Looms for Healthcare Professionals to Implement Identity Theft Policies.

Some debate still exists regarding whether the Red Flags Rule applies to small health care providers. This delay will give these small health care providers more time to challenge its applicability. In the meantime, for businesses needing information on the Red Flags Rule, the FTC has released a “How To Guide” to help explain what types of businesses are covered, and how they might go about developing their identity theft prevention programs. The FTC also plans to release a template to assist businesses with their program development.

-- Originally published in Larkin Hoffman's IP/Tech Buzz.