October 23, 2008

FTC extends "Red Flags Rules" enforcement six months

The Federal Trade Commission is extending the deadline for enforcement of the identity theft prevention “Red Flags Rules” until May 1.

The deadline was extended because many companies were not prepared to meet the original Nov. 1 deadline, an FTC news release said.

The rules require that creditors and financial institutions create and implement an ID theft prevention program.

Entities already have had a year to comply and during that time the FTC has launched outreach efforts to explain the rules. But some companies were not aware that they fell under the distinction of a creditor or financial institution, according to the FTC. Other entities were unprepared because they are not usually required to comply with FTC rules so they ignored the Red Flag guidelines.

“There seems to be a lot of feedback from people saying that there's no way we can meet this deadline,” Eduard Goodman, general counsel and chief privacy officer for vendor Identity Theft 911, told SCMagazineUS.com Thursday.

Goodman said the deadline extension only applies to the FTC's enforcement of the rules. The deadline extension will not be applicable for businesses that are regulated by federal bank regulatory agencies and the National Credit Union Administration — namely banks, credit unions and credit card issuers.

The deadline extension will affect, however, the majority of the approximately 11 million businesses that are required to comply with the rules, Goodman said.

For the average small-to-medium-size business that didn't know about the rules or hasn't had the time or resources to implement it, the delay is a meaningful recognition that creating and implementing an ID prevention program is important, Goodman said.

“It's better to do it right than to try to meet an unrealistic deadline,” Goodman said.

Goodman said that the true intent of the rules is to shift the burden from the customer having to deal with the problem of ID theft to businesses that are mistakenly granting credit to fraudsters.

The FTC could not be reached for comment Thursday.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.