The Federal Trade Commission is delaying enforcement of its identity theft Red Flags Rule for a fourth time, pushing back the November 1 deadline to June 1, 2010.
The latest delay comes at the request from Congress, which is considering a bill that amends the identity theft rule by eliminating entities with fewer than 20 employees from complying.
The House of Representatives passed that bill late last month. It is now in the hands of the Senate.
The most recent delay announcement—from August 1 enforcement to November 1—came in July. The additional three months—which came at the request of the House Appropriations Committee—was to be used to educate small businesses about Red Flags Rule compliance and to allow financial institutions and creditors more time to implement written identity theft prevention programs, according to the FTC.
Red Flags requires creditors and financial institutions to have in place identify theft prevention, detection, and response systems. The rule is mandated by the Fair and Accurate Credit Transactions Act of 2003. The FTC's Red Flags Web site includes an online compliance template that enables companies to design their own identity theft prevention program.
Red Flags was initially supposed to go into effect on Nov. 1, 2008, but it was pushed back to May 1, 2009, then to Aug. 1, 2009, then to Nov. 1, 2009, and now ultimately to June 1, 2010.