Red Flags Rule will not apply to certain professions

Share this article:
President Obama on Saturday signed legislation that exempts lawyers, doctors and accountants from having to comply with the Federal Trade Commission's (FTC) Red Flags Rule.

The Red Flag Program Clarification Act of 2010, unanimously passed by the Senate in late November and approved by the House of Representatives earlier this month, limits the scope of who is covered by the rule, essentially giving an exemption to lawyers, doctors, accountants, dentists, orthodontists, pharmacists, veterinarians, nurse practitioners and social workers and other service providers.

The Red Flags Rule, developed in accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), requires financial institutions and other organizations classified as “creditors” to develop programs to identify, detect and respond to indications of identity theft. The FTC originally interpreted the term “creditors” to include service providers, such as attorneys, that let clients pay after they provide a service.

The rule, which became effective Jan. 1, 2008, has been met with pushback, resulting in numerous FTC enforcement delays. Several groups opposed the rule's definition of “creditor," saying it was too broad and would cover small businesses in industries where identity theft poses little threat.

The American Medical Association (AMA) filed a lawsuit in federal court in May seeking to prevent the FTC from extending the Red Flags Rule to physicians. The AMA's lawsuit followed two similar complaints – one filed by the American Bar Association and one by the American Institute of Certified Public Accountants.

In response, the FTC delayed enforcement of the rule through Dec. 31 of this year to give Congress time to resolve questions over which entities must comply.

Under the new exemption law, the rule only applies to organizations that use consumer reports in connection with credit transactions, provide information to consumer reporting agencies or loan money. 

Service providers generally do not offer or maintain accounts that pose a reasonable risk of identity theft, according to Sen. Mark Begich, D-Alaska, who sponsored the measure with Sen. John Thune, R-S.D.

Organizations representing attorneys, physicians and accountants are pleased with the exemption.

“At last, the American legal profession has clear and final relief from attempts to solve a nonexistent problem that would have created paper pushing and raised legal costs,” Stephen Zack, president of the ABA, said in a statement

Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.