Senate votes to exempt lawyers, doctors from Red Flags

Share this article:
Lawyers, doctors and accountants are one step closer to getting their wish of not having to comply with the Federal Trade Commission's Red Flags Rule.

The U.S. Senate voted unanimously this week to pass the Red Flag Program Clarification Act of 2010, which limits the scope of businesses covered by the rule, essentially giving an exemption to lawyers, doctors, accountants, dentists, orthodontists, pharmacists, veterinarians, nurse practitioners and social workers and other service providers.

The Red Flags Rule, developed in accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), requires financial institutions and other organizations classified as “creditors” to develop programs to identify, detect and respond to indications of identity theft.

The rule has been met with pushback, resulting in numerous delays. Several groups oppose the rule's definition of “creditor," saying it is too broad and would cover small businesses in industries where identity theft poses little threat.

The American Medical Association (AMA), for example, filed a lawsuit in federal court seeking to prevent the FTC from extending the Red Flags Rule to physicians. The AMA's lawsuit followed two similar complaints – one filed by the American Bar Association on behalf of lawyers and one by the American Institute of Certified Public Accountants on behalf of accountants.

Under the existing rule, doctors and other service providers were classified as “creditors” because they let clients pay after they provided services, said Sen. Mark Begich, D-Alaska. These businesses generally do not, however, offer or maintain accounts that pose a reasonable risk of identity theft.

Under the new legislation, the rule would apply only to organizations that use consumer reports in connection with credit transactions, provide information to consumer reporting agencies or loan money. 

“Unless this bipartisan bill becomes law, many small businesses for which identity theft is not a threat could be required to spend time and effort to comply with the Red Flags Rule,” said Begich, according to Tuesday's Congressional Record. “Small businesses are the economic drive of our country, and…should be focused on job creation and should not have to spend the money to comply with regulatory burdens disproportionate to the scope of the identity theft problem."

The bill will now go to the House of Representatives for a vote.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.