There seems to be some ground-laying for follow-on Red Flag compliance guidelines to emerge either pre- or post- May 1, 2009. Whether they arrive in the form of clarifying statements by the Red Flags Rule drafting agencies, or separate guidelines beyond the current Rule, the ambiguity associated with the current set of parameters leads me to believe that:
- The door is open for many entities, not clearly called out in the Red Flags Rule as ‘covered’ to be more formally placed under that umbrella, and
- A new series of mandates may be on the horizon as the focus on identity theft prevention and, of critical note, consumer protection continues to sharpen.
I look at "The President’s Identity Theft Task Force Report" (September 2008) as a potential catalyst for the publication of more formal directives around consumer identity theft prevention programs. While the report currently sits in the form of recommendations, it is likely that some of these recommendations mayevolve into more definitive enactments. Additionally, it’s clear that even commercial entities that are potentially not covered by the Red Flag Rule today are called out as still in need of stringent and diligent identity theft prevention measures. More to follow next time on this report.