FTC's New Red Flags Rules: Are They the Right Cure at the Right Time?

[Commentary] Identity theft is a serious problem that causes its victims financial loss, inconvenience and mental suffering. Despite a wide range of different efforts to clamp down on identity theft, it continues to grow. A recent Federal Trade Commission report revealed that in 2008, the number of identity theft complaints exceeded 1.2 million, the highest number on record for any year since such complaints were tracked.

Medical identity theft, while far less prevalent than financial identity theft, is a major concern for consumers. It is thus not very surprising that legislators, consumer protection agencies and advocates continue to seek new ways to prevent identity theft of all kinds and mitigate the effects of identity theft when it does occur. One of the most recent efforts to combat identity theft is FTC's Red Flags Rules, a result of the Fair and Accurate Credit Transactions Act of 2003. Among other requirements, FACTA required FTC to enact rules to require financial institutions and "creditors" to develop programs to assist the government in detecting, preventing and mitigating "red flags" of identity theft. The rules were originally to take effect on Nov. 1, 2008, but were delayed several times -- first to May 1, 2009, then to Aug. 1, 2009, and then to Nov. 1, 2009. Most recently, FTC delayed the enforcement of the rules a fourth time, and they are now set to be enforced beginning on June 1, 2010.