Federal Trade Commission Delays Enforcement of Red Flags Rule Until November 1, 2009

In an effort to give companies more time to comply with the Red Flags Rule (Rule), the Federal Trade Commission (FTC) announced Wednesday that it will delay enforcement until November 1, 2009. The extension gives companies three additional months to implement an Identity Theft Prevention Program (Program). The Nov. 1, 2009 extension applies only to entities subject to FTC oversight under the Rule. Many financial services companies and lending institutions, which are regulated by other agencies, already should have a Program in place.

The FTC has suggested that it will issue additional educational materials to help organizations determine whether they are subject to the Rule. However, the FTC’s current, broad interpretation on the Rule’s applicability appears largely unchanged. As a result, any company that provides goods or services on a deferred payment basis (e.g., net-30 days billing) may be required to comply with the Rule.

For a more detailed discussion concerning how the Red Flags Rules may apply to health care providers and to life sciences manufacturers, please see the Health Law and Life Sciences Alert published on July 22, 2009.