The Federal Trade Commission issued an announcement today that the deadline to implement the Red Flag requirements pertaining to identity theft has been delayed for six months, making the new compliance deadline May 1, 2009.
In its Enforcement Policy Statement, the FTC states:
During the course of the [FTC]’s education and outreach efforts following publication of the rule, the [FTC] has learned that some industries and entities within the FTC’s jurisdiction have expressed confusion and uncertainty about their coverage under the rule. These entities indicated that they were not aware that they were undertaking activities that would cause them to fall within FACTA’s definitions of “creditor” or “financial institution.” Many entities also noted that because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the requirements of the rule too late to be able to come into compliance by November 1, 2008.
Given the confusion and uncertainty within major industries under the FTC’s jurisdiction
about the applicability of the rule, and the fact that there is no longer sufficient time for members of those industries to develop their programs and meet the November 1 compliance date, the [FTC] believes that immediate enforcement of the rule on November 1 would be neither equitable for the covered entities nor beneficial to the public. Delaying [FTC] enforcement of the rule as to the entities under its jurisdiction by six months, until May 1, 2009, will allow these entities to take the appropriate care and consideration in developing and implementing their programs. It also will give the [FTC] time to conduct additional education and outreach regarding the rule. Therefore, the Commission has determined that it will forbear from bringing any enforcement action for violation of the Identity Theft Red Flags.
Therefore, creditors, including healthcare providers that defer payment for goods and services, now have additional time to develop and implement Red Flags for identity theft.