The FTC announced over the weekend that, at the request of members of Congress, the compliance date for the Red Flags Rule is now delayed to June 1, 2010. This gives companies additional time to prepare their required Red Flags Rule Plans. The FTC has said it will continue to provide guidance on the development and implementation of these Plans, especially for companies who want to voluntarily adopt identity theft protection measures for the benefit of their customers and business reputation (Click here for the FTC’s Red Flags Rule website). This delay does not affect any other agency oversight or other federal regulations relating to data security and identity theft.
On a related note, a federal court (District of Columbia) issued the first ruling regarding the application of the Red Flags Rule on October 30, 2009. That decision held that the FTC may not apply the Red Flags Rule to attorneys. This case (and any appeals) are independent of the June 1, 2010 delay, but companies should keep an ear out for other decisions that may directly affect their industry.