The Federal Trade Commission (FTC) has just announced that it will delay enforcement of the identity theft “Red Flags Rule” (Rule) until August 1, 2009.   The Rule was discussed previously in Weintraub Genshlea Chediak Tobin & Tobin’s Law Alert Article: Deadline to Have Identity Theft Prevention program Prepared and Implemented is May 1, dated April 15, 2009.

The Rule was adopted by the FTC after the Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. According to the FTC, some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

The express purpose of the extension is to provide more time to entities that may be covered by the Rule to create and implement written identity theft prevention programs. The FTC’s announcement of the extension also indicates that it plans to publish a template to help entitles with a low risk of identity theft to comply with the Rule.

The FTC’s announcement can be found at: