Monday, November 2, 2009

Red Flags Delayed Until June 1, 2010

At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the "Red Flags" Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.
Read the FTC Announcement:

And in a related story I am sorry to report;

The American Bar Association is celebrating a ruling by the U.S. District Court for the District of Columbia barring the Federal Trade Commission (FTC) from applying the requirements of the Red Flags Rule to attorneys.
"This ruling is an important victory for American lawyers and the clients we serve," ABA President Carolyn B. Lamm said in a written statement. "The court recognized that the Federal Trade Commission's interpretation of the Fair and Accurate Credit Transactions Act (FACTA) over-reaches and its application to lawyers is unreasonable. By voiding the FTC's interpretation of a statue that was clearly not intended to apply to the legal profession, the court has ensured that lawyers stay focused on the mission of their work: providing aid and counsel to the individuals and organizations that need us."
The FTC is expected to appeal the Court's ruling. FTC General Counsel Willard Tom said, "It's safe to assume the Commission is going to consider its options very seriously. We think there is no reason lawyers should be exempt."
Read more:
Ruling bars application of FTC 'Red Flags Rule' to legal profession

I hope the legal profession is aware that a lot of people (including me), are going to pay close attention to the security practices of law firms. This means of course that law firms will no longer be tossing paper client records into dumpsters as has happened several times in the last year, and if police reports are accurate seems to be a favorite way for law firms to dispose of old records. As I reported last year I also had two encounters where a County Superior court judge handed out materials on recycled paper containing personal and banking information that had been previously entered into evidence. The way I see this the legal profession has shown itself to be not only ignorant of the intention of the laws and due perhaps to industry hubris cannot bear to be regulated by an outside authority.

When your or my identity is misused by thieves as the result of a law firms lax information security practices will we really care that they successfully lobbied for exemption to a procedure that might well have prevented the crime from even happening? What are they celebrating, a win?