FTC pushes back identity theft rules deadline -- for fifth time

Move to once again push back so-called Red Flags Rule follows AMA lawsuit seeking exemption for physicians

By , Computerworld |  Security, FCC, identity theft

The Federal Trade Commission (FTC) has once again pushed back its enforcement deadline for an identity theft --lated regulation called the Red Flags Rule.

The rule requires financial institutions and other organizations that extend consumer credit to develop and implement written policies for detecting and preventing identity theft.

Before this latest deadline change, the FTC was to have started enforcing the rule on June 1. Under the new deadline, it will now start doing so only after Jan. 1, 2011.

The FTC noted in a statement that the delay was prompted by requests from "several members of Congress" who are working on limiting the scope of the Red Flags Rule.

In the statement, the FTC expressed hope that Congress would work quickly on addressing certain "unintended consequences" of the legislation.

The FTC has previously delayed enforcement of the rule on four different occasions, the most recent being in October 2009, when it pushed the deadline back from Nov. 1 to June 1 of this year.

Today's extension comes just days after the American Medical Association (AMA), along with the American Osteopathic Association (AOA) and the Medical Society of the District of Columbia (MSDC), filed a lawsuit against the FTC, demanding that physicians be excluded from the requirements of the Red Flags Rule.

The lawsuit alleged that the Red Flags Rule was meant primarily for the banking sector, but was written so broadly that it now unintentionally covers physicians as well.

The suit follows almost two years of efforts by the AMA and the other two organizations to get the FTC to exclude physicians from the law. In January this year, the AMA, the AOA and two other groups formally petitioned the FTC to exempt physicians from the rule.

The recent lawsuit was filed after the FTC rejected the request.

"For two years, the AMA has made the case to the FTC that physicians are not creditors like banks and lenders, and the misguided red flags rule should not apply to them," a statement announcing the lawsuit noted.

The FTC's decision to apply the rule to physicians regardless of such complaints is 'arbitrary, capricious and contrary to the law', the lawsuit alleged.

The Red Flags Rule was developed as part of the Fair and Accurate Credit Transactions Act (FACTA) and went into effect in January 2008. The original compliance deadline for the rules was Nov. 2008, but it has been pushed back repeatedly largely as a result of concerns in Congress about the applicability of the rules to organizations other than financial institutions.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.


    Learn more

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Ask a Question