My NacuboWhy Join: Benefits of Membership

E-mail:   Password:   

 Remember Me? | Forgot password? | Need an online account?


FTC Extends Deadline for Identity Theft Red Flags Rule

June 15, 2010

The Federal Trade Commission (FTC) has issued yet another extension on enforcement of the identity theft Red Flags Rule until December 31, 2010. This additional delay will give members of Congress time to consider legislation that would affect the scope of entities covered by the rule. The Red Flags Rule requires creditors and financial institutions to address the risk of identity theft. Under the rule, entities that have "covered accounts" must develop and implement written identity theft prevent programs to help identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. The rule became effective on January 1, 2008, with full compliance originally required by November 1, 2008. Since then, the FCC has announced multiple delays in enforcement.

The latest delay comes as members of Congress requested more time to finalize legislation that would limit the scope of business covered by the rule. Although the FTC has granted several extensions, it would like Congress to act swiftly in passing legislation that resolves the question regarding which entities are covered by the rule. The FTC's press release provides  more information.

NACUBO's Red Flags resource page provides links to documents and tools to help institutions develop an identity theft protection plan, including sample policies from colleges and universities and an FAQ from the FTC which explains its enforcement plan.


Anne Gross
Vice President, Regulatory Affairs