FTC extends "Red Flags Rules" enforcement six months

Share this article:

The Federal Trade Commission is extending the deadline for enforcement of the identity theft prevention “Red Flags Rules” until May 1.

The deadline was extended because many companies were not prepared to meet the original Nov. 1 deadline, an FTC news release said.

The rules require that creditors and financial institutions create and implement an ID theft prevention program.

Entities already have had a year to comply and during that time the FTC has launched outreach efforts to explain the rules. But some companies were not aware that they fell under the distinction of a creditor or financial institution, according to the FTC. Other entities were unprepared because they are not usually required to comply with FTC rules so they ignored the Red Flag guidelines.

“There seems to be a lot of feedback from people saying that there's no way we can meet this deadline,” Eduard Goodman, general counsel and chief privacy officer for vendor Identity Theft 911, told SCMagazineUS.com Thursday.

Goodman said the deadline extension only applies to the FTC's enforcement of the rules. The deadline extension will not be applicable for businesses that are regulated by federal bank regulatory agencies and the National Credit Union Administration — namely banks, credit unions and credit card issuers.

The deadline extension will affect, however, the majority of the approximately 11 million businesses that are required to comply with the rules, Goodman said.

For the average small-to-medium-size business that didn't know about the rules or hasn't had the time or resources to implement it, the delay is a meaningful recognition that creating and implementing an ID prevention program is important, Goodman said.

“It's better to do it right than to try to meet an unrealistic deadline,” Goodman said.

Goodman said that the true intent of the rules is to shift the burden from the customer having to deal with the problem of ID theft to businesses that are mistakenly granting credit to fraudsters.

The FTC could not be reached for comment Thursday.

Share this article:

Sign up to our newsletters

More in News

IT manager fired following massive Maricopa college district breach

Miguel Corzo, the IT manager who was fired on Tuesday, claims Maricopa County Community College District is making him into a scapegoat.

Facebook scam leads victims to Nuclear exploit kit

Researchers at Symantec say attackers are becoming more aggressive and using Facebook scams to exploit users' computers.

eBay faces class-action suit over breach

eBay faces class-action suit over breach

A suit filed in a federal court in Louisiana charges the company with failing to protect personal information and seeks damages on multiple counts.