You are here:HomeIssuesProtecting State Insurance Regulation 2010FTC Delays Enforcement of "Red Flag" Rules Again, Until December 31

FTC Delays Enforcement of "Red Flag" Rules Again, Until December 31

At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the "Red Flags" Rule (RFR) through December 31,...
June 3, 2010

At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the "Red Flags" Rule (RFR) through December 31, 2010 (at least), while Congress considers legislation that would affect the scope of entities covered by the Rule.

What are Red Flag rules?  FTC wishes to strengthen businesses' anti-ID theft compliance.  RFRs require businesses to flag "unusual" access attempts or activity patterns that arise in database transactions and/or repositories.  In doing so, FTC is directing particular attention to databases and practices of those that collect, process and retain "credit-related" information.

Do Red Flag rules apply to insurance?  FTC does not regulate the business of insurance or those conducting the business of insurance. The point and purpose of that FTC's efforts are similar to, but already addressed/expected by the standing current insurance privacy and privacy-related obligations, laws, regulations and rules under state insurance law.

Nonetheless, there can be additional activities/services provided by PIA agencies that may also be defined as general commercial business practices (and not per se the conducting of the business of insurance). In addition to having these areas comply with insurance law, these practices then may also fall under the FTC Red Flag Rules compliance - if they ever move forward.

The PIA National Business Issues Committee has been tracking this issue since 2007, providing PIA Leaders and members with periodic updates and guidance/practice discussion outline. BIC has once again published a special update memo to address some common situations where these impending FTC rules might apply.

What It Means to Agents: PIA National BIC's message of April 2009 still holds. If you are acting in an insurance capacity, you already have state (and some other federal, e.g. HIPAA) privacy and related laws with which you must comply. These expectations have been expressed in insurance common law in one way or another since the 1960's. Therefore, these more formal insurance privacy regulations at the state and federal levels just underscore and provide more specific regulatory direction to what the courts would expect of insurance professionals.

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule

PIA BIC Update Memo