Client Alert

Federal Trade Commission's Red Flags Rule Takes Effect November 1, 2009


It's time to set your clocks back and implement a Red Flags program. The Federal Trade Commission's (FTC) Red Flags Rule takes effect on this Sunday, November 1. As of this writing, the FTC has not announced that it will further delay its enforcement of the Rule.

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs - or "red flags" - of identity theft in their daily operations, take steps to prevent identity fraud, and mitigate its damages.

The FTC has broadly interpreted the definition of "creditor" to apply the Rule to all businesses or organizations that regularly defer payment for goods or services. Many industries have protested this broad application of the Rule and have sought additional guidance from the FTC. In response, the FTC has repeatedly delayed implementation of the Red Flags Rule since its initial effective date in November 2008.

Unless the FTC elects to further delay the effective date of the Red Flags Rule, all covered businesses and organizations should have a written Identity Theft Prevention Program in place by November 1.

Federal Court Bars Application of Rule to Lawyers

In August 2009, the American Bar Association (ABA) filed suit to block the Rule's application to the legal profession. Yesterday, October 29, 2009, the U.S. District Court for the District of Columbia granted the ABA's motion for summary judgment, thereby barring the FTC's application of the rule to lawyers. Judge Walton ruled that the FTC's application of the Red Flags Rule to attorneys exceeded its statutory authority, and he appeared to question the FTC's broad application of the Rule to anyone who provides services and later bills customers in arrears.

A written opinion will be issued within 30 days, which should clarify whether the ruling will extend beyond the legal profession. (In the interests of full disclosure, Morrison & Foerster Partner Andrew Smith chairs the ABA task force overseeing the Red Flags litigation.)

Additionally, legislation that would bar the Rule's application to certain small businesses and others at low risk for identity theft has passed the House of Representatives. We understand that Senate Banking Committee staff is working on companion legislation, but no bill has yet been introduced.

We will continue tracking challenges to the enforcement of the Red Flags Rule and keep clients abreast of key developments. Please feel free to contact us if you have questions regarding the application of the Red Flags Rule to your business or organization.

Andrew M. Smith

Vanessa R. Waldref




Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.