If you and your business are scrambling to meet the Nov. 1, 2009 deadline to comply with the Federal Trade Commission's “Red Flags Rule,” relax. You've got a little more breathing room.
At the request of Congress, the FTC is delaying the enforcement deadline for the Red Flags Rule until June 1, 2010. The FTC announced the extension two days before the rule was to have gone into effect.
According to the FTC, the rule requires certain creditors and financial institutions “to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities -– known as “red flags” — that could indicate identity theft.”
The CPA profession is working to convince regulators that CPAs should be exempt from the rule “based on the fact that CPAs are already required, through state laws, professional codes of conduct and IRS regulations, to maintain client confidentiality such that identity theft is very unlikely.” That's a direct quote from the AICPA's Information Technology Center. Details on that effort will be made available as warranted.
Watch this blog for details about the rule. In the mean time, you can find out more about privacy protection and what it means for CPAs by listening to this MACPA podcast, featuring an interview with Marilyn Prosch, an associate professor in the Department of Information Systems Management at Arizona State University.
Want to learn more?
Here are a few other resources that offer expanded looks at security and privacy:
- Security for Accountants: New Legal Requirements and Practical Solutions, Nov. 5 at the Columbia Center
- 2009 MACPA Technology Conference, Dec. 7 at the Sheraton Columbia Hotel
- FTC “Red Flag Rule” resources
- AICPA “Red Flag Rule” guidance
- “Preventing identity theft throughout the data life cycle,” a JofA article written by Prosch
- “Outsourcing and privacy: 10 critical questions top management should ask,” a Statement article written by Prosch