The Federal Trade Commission (“FTC”) recently announced that it will not enforce the new Red Flag Rules until May 1, 2009, giving financial institutions and creditors an additional six months to comply by developing and implementing a written identity theft prevention program. In an Enforcement Policy Statement released on October 22, 2008, the FTC acknowledged the uncertainty felt by many entities and some industries regarding whether they would be considered “covered entities” and thus subject to the rules. This announcement though does not affect companies subject to the enforcement authority of federal agencies other than the FTC.
identity theft
Red Flag Alert — Compliance Deadline is November 1, 2008
According to regulations published by the Federal Trade Commission and the federal banking agencies, covered companies that hold any customer accounts must implement identity theft prevention programs that identify and detect “Red Flags” signaling possible identity theft. Companies establishing such programs must create policies and procedures not only to recognize and detect Red Flags, but also to respond to Red Flags by preventing or mitigating potential identity theft. Furthermore, companies must develop reasonable policies and procedures to verify the identity of a customer opening an account, and must also periodically update their identity theft programs. The rules went into effect on January 1, 2008, and businesses must comply by November 1, 2008.
…
Breach Law Data
We thought it might be helpful to provide citations to the 37 state (plus D.C. and Puerto Rico) breach notification laws that cover private entities (Oklahoma’s law, that only addresses state agencies, is not included). We also provide links, or uploaded copies, where available.
…