Today, the Federal Trade Commission (FTC) announced that it would further delay enforcement of the “Red Flags” Rules by another three months, from August 1 to November 1, 2009. The commission also announced that it would redouble its efforts to educate small businesses and other entities about complying with the Rules and work to ease compliance by offering additional resources and guidance to clarify whether businesses are covered and what they must do to comply.
“Although many covered entities have already developed and implemented appropriate, risk-based programs, some—particularly small businesses and entities with a low risk of identity theft—remain uncertain about their obligations,” said the FTC in a release. “The additional compliance guidance that the Commission will make available shortly is designed to help them.”
Additionally, the FTC released a set of FAQs for the guidelines that address how the agency intends to enforce the Rules, noting that “Commission staff would be unlikely to recommend bringing a law enforcement action if entities know their customers or clients individually, or if they perform services in or around their customers’ homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.” The full set of FAQs can be found here.
NACM has worked diligently with the FTC to increase awareness of the “Red Flags” Rules, most recently meeting with FTC officials just two weeks prior to the delay to discuss the lingering confusion surrounding the Rules and its application.