Under pressure from Congress, the Federal Trade Commission has agreed to postpone enforcement of its "Red Flags" rule that requires lawyers, doctors and other professionals to develop written identity theft prevention programs.
Both the American Bar Association and the American Medical Association have sued the agency, arguing that imposing the identity theft rule requirements on their members is arbitrary, capricious and has no legally supportable basis.
The rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring "creditors" and "financial institutions" to address the risk of identity theft.
The FTC considers lawyers and other professionals to be creditors under the act, and required them to implement written identity theft prevention programs to detect the warning signs -- or "red flags" -- of identity theft in their day-to-day operations.
Last August, the ABA, represented pro bono by Proskauer Rose, filed suit in U.S. District Court for the District of Columbia challenging the rule's application to lawyers.
In October, Judge Reggie Walton backed the ABA, saying the FTC had overreached and that applying the rule to lawyers was unreasonable.
The FTC in February said it would appeal the decision.
On Friday the FTC announced that "as the request of several members of Congress," it would delay enforcement of the rule until the end of the year.
"Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule -- and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift," FTC Chairman Jon Leibowitz said in a statement. "As an agency we're charged with enforcing the law, and endless extensions delay enforcement."
This article first appeared on The BLT: The Blog of Legal Times.