The Federal Trade Commission (“FTC”) has pushed back the deadline for implementation of its new Red Flag Rule until November 1, 2009. This is the third time that the FTC has delayed the deadline for compliance since the original November 1, 2008 deadline.
As previously reported in EmployNews, the new rule flows from the federal Fair and Accurate Credit Transactions Act (“FACTA”). FACTA regulations require companies that extend credit to consumers to implement a program that will identify and respond to account activities that are possible indicators (“red flags”) of identity theft in connection with the opening or maintenance of “covered accounts.” Once a flag is identified, the company must detect and respond to those red flags that occur within its business and cause exposure to identity theft. Businesses that must comply include hospitals and other healthcare providers, automobile dealers, retailers, banks, telecommunications companies, public utilities, universities, government entities that provide electrical, water, sewer, garbage collection or similar services, and other companies that maintain information about individuals in their customer account files and databases.
The delay will give the agency and Congress more time to consider whether the rule is too broad, as well as give affected businesses more time to comply with the rule. For help determining whether your business is subject to these regulations or establishing an identity theft program, please contact a Parker Poe employment attorney.