Home  |  HRCalifornia  |  Store About Us  |  Contact Us
California Chamber of Commerce
CalChamber Member: Chevron Corporation - Reproduced with permission of Chevron Corporation

Bookmark and Share

Federal Agency Delays Enforcement Date for 'Red Flags' Rule

(August 5, 2009) The Federal Trade Commission (FTC) is expanding its efforts to educate small businesses and other entities about compliance with the "red flags" rule to prevent identity theft and is delaying its enforcement of the requirement.

The goal of the education effort is to ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the rule and what they must do to comply.

The “red flags” rule requires many businesses and organizations to implement a written Identity Theft Prevention Program to detect the warning signs — or “red flags” — of identity theft in day-to-day operations. The financial regulatory agencies, including the FTC, developed the rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA).

Three-Month Extension

To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC has delayed enforcement of the rule until November 1, 2009.

Although many covered entities have already developed and implemented appropriate, risk-based programs, some — particularly small businesses and entities with a low risk of identity theft — remain uncertain about their obligations.

Among other things, FTC staff will create a special link for small and low-risk entities on the Red Flags Rule website with materials that provide guidance and direction regarding the rule. The FTC has already posted FAQs that address how the FTC intends to enforce the rule and other topics. The enforcement FAQ states that FTC staff would be unlikely to recommend bringing a law enforcement action if entities know their customers or clients individually, or if they perform services in or around their customers’ homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.

FTC reports the three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of the rule and any obligations they may have under it. It says the steps are consistent with the U.S. House Appropriations Committee’s recent request that the FTC defer enforcement in conjunction with additional efforts to minimize the burdens of the rule on health care providers and small businesses with a low risk of identity theft problems.

The announcement that the FTC will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies’ enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.

Toll-Free Help

The FTC has established a toll-free help line for businesses and consumers interested in learning more about the “red flag” rules: (877) FTC-HELP.

Compliance Training

The California Chamber of Commerce is offering “red flags” compliance training. Information is available at www.calbizcentral.com.

© 2012 California Chamber of Commerce.
Terms of Use and Privacy Policy