FTC Delays Red Flags Rule Until August 1, 2009

In a follow up to my earlier post regarding the Federal Trade Commission’s (FTC) Red Flags Rule (Click here for the post), the FTC issued an eleventh hour statement that it will extend the May 1, 2009 deadline for businesses to comply with the regulation through August 1, 2009. For the full FTC statement, click here.

The Rule applies to “creditors,” which includes any business organization that does not require payment in full for services (or supplies) at the time of service. If a business organization falls into the category of a “creditor” then the next question is whether the organization has “covered accounts” that will be covered by the Red Flags Rule. A “covered account” includes a consumer account designed to permit multiple payments or transactions or any other account for which there is a reasonably foreseeable risk of identity theft.

Originally, this regulation and the law it’s based on targeted financial institutions. But the plain language of the FTC’s rule  makes it much more expansive and unclear as to how it would be applied to organizations outside of the intended  regulatory field.

In this regard, the FTC Chairman Jon Leibowitz noted:

“Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further.”

For smaller businesses organizations, the FTC is developing a template to implement a relatively simple Red Flags Rule compliance program. This template will be available at this site.

Businesses organizations, especially smaller organizations, no doubt have enough challenges to weather in this economic storm. But  business organizations may be able to use the FTC’s Red Flag Rules as an opportunity to set their organization apart in the minds of customers and clients with privacy concerns by having a Red Flags Compliance Program in place in advance of the August 1 deadline.  Now we just have to figure out how to financially survive until August. Sorry – I can’t help you in that department.