informa
/
Perimeter
Quick Hits

FTC Pushes Back 'Red Flag' Deadline

Companies have another six months to develop identity theft prevention programs

The Federal Trade Commission is suspending enforcement of the new “Red Flags Rule” until May 1, 2009, to give creditors and financial institutions additional time to develop and implement written identity theft prevention programs.

The Red Flags Rule requires financial institutions and creditors to implement identity theft prevention programs that identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. (See Companies May Be Held Liable for Deals With Terrorists, ID Thieves.)

The FTC published details on the Red Flags Rule, including which businesses must comply, last year. Some of the businesses complained, stating that they were not aware that they were in the category of companies that would be required to comply, since they generally are not required to comply with FTC rules in other contexts. Others complained that they found out about the rule too late to comply.

The FTC said its delay of enforcement will give these entities sufficient time to establish and implement appropriate identity theft prevention programs.

— Tim Wilson, Site Editor, Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5