Monday, November 16, 2009
The American Institute of CPAs (AICPA) has filed a lawsuit against the Federal Trade Commission (FTC) over the Red Flags Rule, reports WebCPA.com. AICPA says the FTC is wrong to interpret that the rule should apply to accountants. The Red Flags Rule requires that financial institutions and creditors take certain measures to prevent and recognize identity theft. "We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered," said AICPA president and CEO Barry Melancon. Late last month a U.S. District Court judge granted an American Bar Association motion to prevent the FTC from holding practicing attorneys accountable to the rule.
Anyone who has read or even scanned the Red Flags legislation cannot help but to see that this is intended to lower the incidents of identity theft through a sensitivity and understanding of what some of the causes are. Attorneys seem to be sensitive more to having oversight from outside their ranks than to stopping identity theft. I am pretty certain however that when an attorney suffers at the hand of identity thieves they want to know what the company whose compromise caused the theft had done to safeguard their information prior to the breach. Not wanting to lose their own thunder the lobbyists for CPAs feel the need for their own exemption. That is evident in the statement by Mr. Melancon who mistakenly links billing to theft. It isn't the billing Mr. Melancon, it's the data lying about in your company waiting for someone to walk out with it on a CD, or to hack your servers and get it.
Again, "When you safeguard the information you keep on others you are protecting them. When someone else does it they are protecting you."