The Federal Trade Commission in December published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule”) and the duties of card issuers regarding changes of address (“Card Issuers Rule”) (collectively, the “Identity Theft Rules”). The request for comment forms part of the FTC’s systematic review of all current FTC regulations and guides. These periodic reviews seek input from stakeholders on the benefits and costs of specific FTC rules and guides along with information about their regulatory and economic impacts.
The Red Flags Rule requires certain financial entities to develop and implement a written identity theft detection program that can identify and respond to the “red flags” that signal identity theft. The Card Issuers Rule requires that issuers of debit or credit cards (e.g., state credit unions, general retail merchandise stores, colleges and universities, and telecom companies) implement policies and procedures to assess the validity of address change requests if, within a short timeframe after receiving the request, the issuer receives a subsequent request for an additional or replacement card for the same account.
The FTC is seeking comments on multiple issues, including:
- Is there a continuing need for the specific provisions of the Identity Theft Rules?
- What benefits have the Identify Theft Rules provided to consumers?
- What modifications, if any, should be made to the Identify Theft Rules to reduce any costs imposed on consumers?
- What modifications, if any, should be made to the Identify Theft Rules to increase their benefits to businesses, including small businesses?
- What evidence is available concerning the degree of industry compliance with the Identify Theft Rules?
- What modifications, if any, should be made to the Identify Theft Rules to account for changes in relevant technology or economic conditions?
The comment period is open until February 11, 2019, and instructions on how to make a submission to the FTC are included in the notice.
Blog courtesy of Hunton Andrews Kurth, a U.S.-based law firm with a Global Privacy and Cybersecurity practice that’s known throughout the world for its deep experience, breadth of knowledge and outstanding client service. Read the company’s privacy blog here.