Happy news for all organizations which would have been affected by the FTC's red flag rules: the deadline for enforcement of the rules has been pushed back six months from its original date of November 1, 2008. The rule requires that creditors and financial institutions implement identity theft prevention programs, but the FTC found that many companies needed more time to come into compliance. The new enforcement deadline is May 1, 2009. In its statement, the FTC said that the extension does "not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance."
We (and by we, I mean my colleague Jane Shea) previously wrote about the red flag rules here and here.