The following was announced today on the HealthCareInfoSecurity website – “Reacting to requests from several members of Congress, the Federal Trade Commission (FTC) has yet again delayed enforcement of the Identity Theft Red Flags Rule until Dec. 31, 2010. The law had been slated to be enforced June 1.”
Under the Red Flags Rule, which became effective Jan. 1, 2008, organizations that extend credit to their clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as “red flags,” that could indicate identity theft.
If your organization extends credit to its customers, then we encourage you to pass this message along to those organizational risk management team members so that they can make a fair evaluation of risk relationship between the Red Flags Rule and their own organization and advise their management accordingly.
With so many previous delays already announced by the FTC over the enforcement of the Red Flags Rule law, what are your thoughts regarding this latest further delay announcement?
What kind of a message do you think this delay sends to those fighting for more privacy rights protection?