Solution Centers

DRILLDOWNS

Cloud Computing

Operating Systems

More

Delayed Again: Red Flags Rule Deadline Now June 1, 2010

Bowing to Congressional pressure, the FTC is delaying enforcement of the Red Flags Rule until June 1, 2010, for financial institutions and creditors. Here, IT security pros weigh in on what the rule means for them.

Leave a comment

By Bill Brenner

Mon, November 02, 2009 — CSO — Companies scrambling to meet a Nov. 1 enforcement deadline for the Federal Trade Commission's Red Flags Rule have gotten another reprieve. Bowing to pressure from some members of Congress, the commission pushed the deadline to June 1, 2010, according to a message on the FTC website.

The FTC made the announcement Friday, the same day the U.S. District Court for the District of Columbia ruled that the commission can't apply the rule to attorneys. But the FTC said its latest enforcement delay will not affect the separate timeline of that proceeding and any possible appeals, nor will it affect other federal agencies' ongoing enforcement for financial institutions and creditors subject to their oversight, the FTC statement said.

See also: Red Flag Rules and Vendor Relationships

The Red Flags Rule was instituted under the Fair and Accurate Credit Transactions Act, where Congress ordered the FTC and other agencies to make regulations forcing creditors and financial institutions to address security holes that could lead to identity theft. The rule requires all such entities that have covered accounts to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities -- known as red flags -- that could indicate identity theft.

See also: Five Ways to Fight ID Theft

The rule hasn't received much media attention in recent months, mostly because of the infosec community's anxiety over another often-delayed law -- Mass. 201 CMR 17. But last week, before the latest deadline extension, CSOonline conducted an informal poll of IT security practitioners and industry analysts, asking what their specific challenges have been in relation to the Red Flags Rule. What follows are some of the responses that arrived via the likes of e-mail and LinkedIn.

Ed Moyle, founding partner at Security Curve, former VP of information security at Merrill LynchTruthfully, in the field, a lot of the folks I've come across are pretty much where they need to be from a regulatory standpoint (i.e. they've hit the bar required by the regulation). But just hitting that bar doesn't mean a company is all the way there in terms of protecting customers from identity theft.

My recommendation to folks that think they have everything in hand on this is two-fold: First, make sure all the i's are dotted and t's crossed before the deadline to make sure they're compliant with the reg. (i.e., make sure that they have the defined identity theft processes and that their staff are trained on what to do if someone calls in to report identity theft). Second, while the iron's hot, look to see if there's something that they can do to address identity theft proactively for example, maybe can they change the business processes to reduce the likelihood of identity theft? This isn't always possible, but why not use compliance with the law as an opportunity to go over and above?

1 | 2 | 3 |next page »

Comments

Print

LinkedIn

U.S. Federal Trade Commission

More from IT Drilldown « Back to Security

Articles

Microsoft Getting Better At Patch Tuesday Updates, Experts Say

Microsoft Patch Tuesday: Critical Update for IE

TSA Officials Put on Administrative Leave After Security Lapse

Facebook Simplifies Privacy Options

State Dept. Worker Sentenced for Passport Snooping

Facebook Simplifies Privacy Options

Report Predicts Rise of Self-Defending Botnets

FTC Sues to Stop Robocallers

More Articles »

Mobile Security ABCs

Get up to speed on mobile security.

Learn More »

Security Newsletter

Security MarketSpace

The CIO's New Guide to Design of Global IT Infrastructure

Read this paper to learn the 5 key principles you can leverage to redesign an environment of any size. Learn more »

Eliminate Distance in the Virtual Environment

Virtualization has been the driver behind IT consolidation. Watch this Web Seminar to see the pivotal role application acceleration can play in eliminating distance, speeding remote disaster recovery and improve application performance in a virtual environment. Learn more »

Extreme Savings-Cutting Costs with Riverbed Solutions

Reduce Bandwidth Utilization. Learn how Riverbed can reduced hard costs while improving application performance... Learn more »

Forrester on WAN Optimization for Mobile Users

Forrester conducted interviews of more than 300 IT pros to understand the challenges they face as their organizations have become more mobile. Their experiences with WAN optimization and Forrester's recommendations will help you understand the criteria needed before choosing a WAN optimization technology. Learn more »

Five Steps to Successful IT Consolidation

WAN Optimization, Why Consolidate? This white paper provides 5 easy steps to help you map out a sound strategy. Learn more »

An In-Depth Look at ROI

Learn how to evaluate ROI in hard dollars and soft dollars with three key ROI metrics. Learn more »

The Case for Data Protection for SMBs

Email and Web Threats Require a Layered Defense

Learn how web threats are changing and how using a layered defense strategy can give you the security you need. Learn more »

WHITE PAPERS

Definitive Guide to Wide Area Data Services

Cut Costs with WAN Optimization

Forrester Research: Recommendations for Mobile WAN Optimization

Consolidation and Virtualization in 5 Easy Steps

Secure Email and Web-Based Communication from Evolving Attacks

Understanding Versatile Authentication and Its Benefits

Managed Security for a Not-So-Secure World

Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle

Managing a growing threat: An Executive's Guide to Web Application Security

Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities

IDC Q&A: The Mobile Workforce

Oracle Business Brief - Business Continuity - Are You Always Open for Business?

The Forrester Wave™: Web Filtering, Q2 2009

The Forrester Wave™: Email Filtering, Q2 2009

VIP Access for Mobile: Making Consumer Two-Factor Authentication Simple and Cost-Effective

Authentication as a Service by Forrester Research

Mining the Cloud to Ease the Enterprise Compliance Burden

Enabling Secure B2B Collaboration: Cloud-Based Authentication for Next-Generation Extranets

Solve Five Key IT Security Challenges with Cloud-Based Authentication

8 Elements of Vulnerability Management

More White Papers »

SPONSORED LINKS

Making Consumer Two-Factor Authentication Simple and Cost-Effective

Mining the Cloud to Ease the Enterprise Compliance Burden

Solve Five Key IT Security Challenges with Cloud-Based Authentication

IDC White Paper: CCM for IT Compliance and Risk Management

Keeping Your Members Safe from Online Scams and Predators

Learn about the growing threat of insider data theft.

Verint Systems. Discover the Power of Intelligence in Action"

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

Return on Information: Google Enterprise Search pays you back

Cut Costs & Green Your IT Operations with PC Power Management

Webcast: Unleashing the Power of Customer Data

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Seven Design Requirements for Web 2.0 Threat Protection

Cloud-Based Email Management: Opinion Shifts In Favor

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

CA ARCserve r12.5 is More Than Backup! Download Trial Version Today

Secure & simplify your data center w/Juniper Networks.

Register for more Windows Enterprise Webcasts today.

Gartner Symposium ITxpo 2009: The World's Most Important Gathering of CIOs and Senior IT Executives

Stay informed with custom newsletters from Tech Dispenser

Authentication as a Service by Forrester Research

Cloud-Based Authentication for Next-Generation Extranets

Mobile Security: The Essential Ingredient for Today's Enterprise

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

White Paper: A Security Blueprint Delivered From within the Network

Cisco SIO To Go for iPhone. It's like having a security expert in the palm of your hand.

Upgrading to VMware vSphere with vWire

Maximizing website Return on Information with high-quality search

See how AT&T can help protect your network.

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

The Total Economic Impact of Network Security Intrusion Prevention

Generation Remote Infrastructure Management - Changing the Paradigm

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

Dark Fiber from Sunesys Save on Unlimited Bandwidth with Fixed Costs.

Masters of Virtualization and Cloud Computing - Daily News

Webcast: The Costs and Challenges of Supporting Today's Information Worker

Top Five CIO Challenges

Return on Information: Google Enterprise Search pays you back. Get the facts.

RESOURCE CENTER

© 1994 - 2009 CXO Media Inc.