News & Insights  |  Newsletters

FTC Red Flags Rule Compliance Now Required

January 2011

The Federal Trade Commission (FTC) allowed the December 31, 2010 compliance deadline set last May to go into effect.  This in part reflects approval by President Obama on December 18 of the Red Flags Program Clarification Act of 2010 (S.3987).  FTC Chairman Jon Leibowitz noted that "Congress has passed legislation resolving the uncertainty it created."

That Act, among other things, amended the Fair Credit Report Act's definition of "creditor" to exclude one that "advances funds on behalf of another person for expenses incidental to a service provided by the creditor to that person."

The Red Flags Rule requires covered businesses to establish and maintain a written program to reduce the risk of identity theft.  For a summary of these requirements, see the May 2009 issue of Privacy In Focus ("FTC Again Postpones Enforcement of the 'Red Flags' Identity Theft Rule").