The Federal Trade Commission (FTC) announced another delay in the enforcement of its anti-identity theft regulation, commonly known as the “Red Flags Rule.” The agency’s decision was largely fueled by recent legislative efforts to narrow the types of entities and individuals subject to the Red Flags Rule. Enforcement of the FTC’s Red Flags Rule is now delayed until June 1, 2010.

The FTC promulgated the Red Flags Rule pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003, with the goal of preventing identity theft by requiring “financial institutions” and “creditors” subject to the Rule to implement programs to identify, detect and respond to identity theft warning signs. Opposition to the rule—including challenges from key industry organizations (such as those representing health care providers)—led the agency to delay enforcement of the Red Flags Rule four times.

For more on the Red Flags Rule and its requirements, including an overview of the components of a Red Flags Program and highlights of Red Flags Program administration requirements, see the Akin Gump alert, “FTC Delays Enforcement of Identity Theft Prevention Regulations Until November 1, 2009.” The FTC has also made guidance available through its Red Flags Rule Web site, www.ftc.gov/redflagsrule.