Breach At Lexis Nexis Affects About 40,000 Consumers
Heartland Is Once Again PCI-Approved. Will It Last?

FTC Grants Another Delay in Red Flag Rule Enforcement

Last week, the FTC released this press release:

"The Federal Trade Commission will delay enforcement of the new “Red Flags Rule” until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs... The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services.”

This was the second delay. In October 2008, the FTC granted a six-month delay which moved the deadline to the prior date of May 1, 2009. Now, the deadline is August 1, 2009. From Network World:

"The Red Flag program is one of the major ways the government plans to fight the growing identity theft blight. Banks and other financial institutions typically account for about half of the identity theft complaints filed with the FTC... That's one of the reasons why under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs - or "red flags" - of identity theft."

I hope that there are no more delays. The Red Flag Rules are one tool to help protect consumers' sensitive personal data. And, identity thieves aren't delaying their activities.


Feed You can follow this conversation by subscribing to the comment feed for this post.

Derek Beckwith

Good article George. I highly recommend this blog post by Steven Bearak of Identity Force calling for businesses to comply with the Red Flags Rule and to protect people from identity theft and data breaches (

Offshore Outsourcing

Nice informative article....thanks for sharing this info blog with us.

The comments to this entry are closed.