MANDATORY COMPLIANCE DATE FOR FTC RED FLAGS RULE APPROACHES
December 31, 2010 is the long-delayed mandatory compliance date of the Federal Trade Commission’s (FTC) Red Flags Rule, which was promulgated under the Fair and Accurate Credit Transactions Act of 2003. The original mandatory compliance date of November 1, 2008 has been extended several times because of debate over applicability of the Rule to “creditors” (as defined in the Rule). See Alerts dated October 23, 2008, April 15, May 4 and October 23, 2009 and May 28, 2010.
Members of Congress urged the FTC to delay enforcement through the end of 2010 to give Congress time to reach a consensus on the types of businesses that should be covered. There are at least three pending bills clarifying the applicability of the Rule to certain businesses. See H.R. 2345, H.R. 3763, S. 3416.
Unless Congress passes legislation by the end of the year or the FTC delays enforcement yet again, the Rule will finally take effect on December 31, 2010.
If you have any last minute questions on the applicability of the Rule to your organization or if you need assistance in reviewing your current identity theft program for compliance with the Rule or developing and implementing a new program, please do not hesitate to contact us.
TRANSITION DATE FOR NEW MODEL PRIVACY FORM ALSO COINCIDES WITH END OF YEAR
December 31, 2010 also is the last day that financial institutions may rely on the safe harbor provided by use of the privacy notice model clauses in regulations implementing the Gramm-Leach-Bliley Act. The new model privacy forms adopted in December 2009 replace the old model clauses. See Alert dated October 23, 2009.
Do not hesitate to contact us if you need assistance in revising your privacy notice(s) for compliance with the new requirements, which include detailed formatting specifications and rigidly prescribed disclosure language.
- Darrell Dreher, Elizabeth Anstaett and
LOOKING FOR A MARKETING AND PRIVACY COMPLIANCE RESOURCE? We publish an easy-to-use reference “Marketing and Privacy Digest” that compiles the state laws governing financial privacy, fair credit reporting, telemarketing/automatic dialing and announcing devices, telephone monitoring and recording, electronic signatures and restrictions on the use of social security numbers by financial service providers. Creditors, marketers and servicers should find this resource invaluable to marketing and privacy program development and regulatory compliance. Contact us for rates and other information.