Posts Tagged ‘Banking Compliance’

New Red Flags Compliance Date For Some

Friday, August 7th, 2009

The FTC recently announced another postponement of the Red Flags enforcement. The new date is November 1, 2009, exactly one year and 3 delayed dates later than the original enforcement date. The FTC says that the reason for the postponement is additional awareness, especially for small organizations that do not know or understand their new requirements.

Red Flags is relatively new legislation designed to prevent identity theft by having companies implement formal, written programs to identify the warning signs, or “Red Flags,” of identity theft. Many organizations are pushing back on the FTC, saying they should not be required to comply. To date, I have heard of no group or company being given an exception. The American Bar Association (ABA) has recently filed a protest to the FTC on behalf of lawyers, stating that they should not have to comply. The regulation states that all “Creditors,” which are essentially any company that defers payment, must comply. Obviously that is most companies, large and small.

Financial institutions are also required to comply, but their date did not change from the original November 1, 2008 date. According to Gartner, most of these organizations were already close or had policies in place anyway. So this is of greater impact to non-financial institutions right now.

If you’d like to learn more, click here to view a webinar I hosted in May about ensuring Red Flags compliance.


VISA removes Heartland and RBS Worldpay from compliant vendor list

Monday, March 16th, 2009

VISA has removed Heartland and RBS Worldpay from their list of PCI DSS compliant vendors.  This effectively puts these processors on probation while they recertify their PCI DSS compliance using a QSA (Qualified Security Assessor).  They are still able to process VISA transactions during this time.  See Article

Credit card issuers will also be able to get at least partial reimbursement for reissuing credit cards and fees associated with customer fraud and losses. This is good news because over 600 banks have already reported losses associated with the Heartland breach.

This is one of the first signs of real “teeth” in the PCI DSS. Card brands are taking these breaches seriously and placing the blame and responsibility at the feet of those at fault. I think this is a good move for VISA. Until now, PCI was beginning to look like a way to hide from responsibility and fend off lawsuits. With this move, it just may move in the direction of compelling merchants and processors to take data security seriously for the purpose of eliminating consumer fraud. Let's hope anyway.