In the last hour, the news broke that the FTC has again extended the compliance deadline for the FACTA Red Flags Rule, this time to December 31, 2010, "[a]t the request of several Members of Congress." The FTC's press release of this morning is here. This is the fifth time the FTC has extended the enforcement deadline. As usual, the FTC's extension does not affect "other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight."
As our readers know, the FTC, after four extensions of the deadline, currently intends to begin enforcing the Red Flags Rule with respect to organizations subject to its jurisdiction on June 1, 2010. In the meantime, the Red Flags Rule remains in effect as to all financial institutions and creditors (and has been subject to enforcement by the banking regulators since November 1, 2008). Although a recent decision of the United States District Court for the District of Columbia, ABA v. FTC, brought lawyers outside the scope of the Rule, the Rule remains broad and covers a wide range of entities as "creditors." Creditors subject to the FTC's jurisdiction need to have their written Red Flags Rule Identity Theft Prevention Programs prepared, approved by the Board, and implemented by June 1. For more on the history and the requirements of the Rule, see my recent article, "The FACTA Red Flags Rule: A Primer," published in Bloomberg Law Reports - Risk & Compliance, reproduced here with the permission of Bloomberg.
The FTC extended the deadline for enforcement of the Red Flags Identity Theft Rule. The new enforcement deadline is June 1, 2010. The deadline was extended at "the request of Members of Congress." www.ftc.gov/opa/2009/10/redflags.shtm