The FTC announced that it will delay until May 1, 2009 enforcement of the “Red Flags Rule,” which requires certain entities subject to regulation by the FTC to adopt written identity theft prevention programs. The Rule contains guidelines that identify 26 patterns, practices, and specific forms of activity that are “Red Flags” signaling possible identity theft. The Rule’s original compliance date was November 1, 2008. This delay in enforcement is limited to the Red Flags Rule (16 CFR 681.2), and does not extend to the related rule regarding address discrepancies applicable to users of consumer reports (16 CFR 681.1), or to the related rule regarding changes of address applicable to card issuers (16 CFR 681.3).
Alert October 28, 2008