WASHINGTON--For the second time, the Federal Trade Commission
has delayed enforcement of its new “Red Flags” rules
requiring the implementation of identity theft prevention programs.
The rules had been set for enforcement May 1, but in a last-minute
decision April 30, the commission pushed its compliance deadline
back three months to Aug. 1.
Last year, the FTC moved the original compliance deadline from Nov.
1 to May 1 after learning that some companies were uncertain about
their coverage under the rules. According to press reports, the
agency has been accused of applying the rules to organizations that
were not intended to be covered--including health care
providers.
Under the rules, HME providers and other affected companies must
develop prevention programs that identify patterns, practices and
activities that are “red flags” for possible identity
theft.
For companies that have a low risk of identity theft, such as
businesses that know their customers personally, the agency said it
would soon release a “template” to help with
compliance.
For more about the rules, see “Are You
Ready for the Red Flags Rule?”
Tuesday, May 5, 2009