February 16, 2009 / Law Alert

Compliance Required: Identity Theft Red Flag Rules Have Broad Application

As of May 1, 2009, the Federal Trade Commission will begin enforcing the Red Flag rules under the Fair and Accurate Credit Transactions Act of 2003. The Red Flag rules require that all businesses that "regularly extend credit" through a "covered account" adopt identity theft prevention programs. A "covered account" is an account a creditor offers or maintains primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions. Any business that extends such credit must act quickly to develop, adopt, and implement a written identity theft prevention program that is both usable in their business and that complies with the Red Flag rules. Although the complexity of such programs will vary depending on the particular business practices, the FTC has identified 26 possible "red flags" to include.