Red Flags Rule Now Effective June 1, 2010

Note: On May 28, the FTC postponed the effective date of these rules through December 31, 2010.  See updated blog post here.

Under the Federal Trade Commission’s “Red Flags Rule,” financial institutions and creditors with “covered accounts” must develop protocols to detect and prevent identity theft. The new deadline for complying with this Rule is June 1, 2010. This effective date has been postponed several times, most recently from November 1, 2009, because:

a number of industries and entities within the FTC’s jurisdiction expressed confusion and uncertainty about their coverage by and/or obligations under the rule. See the earlier FTC Statement and the FTC Red Flag website.

The Red Flags Rule (16 CFR §681.2) was issued under the Fair and Accurate Credit Transactions Act of 2003 (FACTA) (Pub L 108-159, 117 Stat 1952).  It provides that entities that “regularly permit deferred payment for goods or services” must implement procedures to detect and respond to specific activities or patterns (known as “red flags”) that could indicate identity theft. The Rule is broadly written and the FTC specifically mentioned that it it would apply to attorneys who bill for services. See 16 CFR §681.1(b)(5); 15 USC §1681a(r)(5); 15 USC §1691a(e); FTC Statement.

On October 30, 2009, the U.S. District Court for the District of Columbia ruled that the FTC may not apply the Red Flags Rule to attorneys. (American Bar Association v FTC, Civil Action No. 09-1636 (RBW)). The FTC is appealing that ruling. See ABA Statement.

For guidance from CEB, see a detailed discussion of the Red Flags Rule in Privacy Compliance and Litigation in California §10.28 (Cal CEB 2008).

© The Regents of the University of California, 2010. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.

Share

Add your comment to the blog post

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: