Red Flags Rule Deadline Quickly Approaching: The FTC Will Begin Enforcing the New Identity Theft Rule on November 1, 2009

» Articles » Legal Articles » Article

October 29, 2009


The Federal Trade Commission (FTC) is slated to begin enforcement of the Red Flags Rule on November 1, 2009. The Red Flags Rule (“Rule”), requires businesses and other organizations to implement effective, new policies to detect, prevent and mitigate identity theft.

According to the FTC, the scope of the Rule is broad: any company that provides goods or services on a deferred payment basis (e.g., net-30 days billing) may be required to comply with the Rule. The FTC has further indicated that nonprofit organizations and government entities may also be subject to the Rule.

For a more detailed discussion about the Red Flags Rule, please see the Holland & Knight Red Flags Alert published on July 22, 2009.

Congress Mulls Exceptions to the Rule

Continue reading below

FREE Legal Training from Lorman

Lorman has over 37 years of professional training experience.
Join us for a special white paper and level up your Legal knowledge!

Litigation or Legal Holds for Reasonably Anticipated or Actual Litigation
Presented by John E. Delaney

Learn More

The scope of the Rule has been the subject of ongoing discussion, as numerous organizations have lobbied the FTC and Congress for a variety of exemptions. On October 20, 2009, the U.S. House of Representatives passed a bill that would exempt healthcare, accounting and legal practices from the Rule if the practice has 20 or fewer employees. The bill – H.R. 3763 – also requires the FTC to create a process allowing other businesses to request a similar exemption from the Rule. The U.S. Senate has yet to consider the proposed legislation.

There Is Still Time to Comply

The FTC has delayed enforcement three times to provide businesses more time to implement compliance programs. It has not, however, indicated plans to offer any further extensions.

To assist businesses and other organizations, Holland & Knight has developed a baseline, fixed-fee Red Flag Rule compliance package which is designed to help organizations and government entities determine if they are subject to the Rule, and if so, to implement a compliance program.

About the Authors:

Maximillian James "Max" Bodoin- Boston
Ieuan Mahony - Boston
Peter I. "Pete" Sanborn- Boston


The material appearing in this web site is for informational purposes only and is not legal advice. Transmission of this information is not intended to create, and receipt does not constitute, an attorney-client relationship. The information provided herein is intended only as general information which may or may not reflect the most current developments. Although these materials may be prepared by professionals, they should not be used as a substitute for professional services. If legal or other professional advice is required, the services of a professional should be sought.

The opinions or viewpoints expressed herein do not necessarily reflect those of Lorman Education Services. All materials and content were prepared by persons and/or entities other than Lorman Education Services, and said other persons and/or entities are solely responsible for their content.

Any links to other web sites are not intended to be referrals or endorsements of these sites. The links provided are maintained by the respective organizations, and they are solely responsible for the content of their own sites.