Lawsuit pits CPAs vs. FTC on ‘Red Flags Rule’
There's plenty of action these days surrounding the Federal Trade Commission's "Red Flags Rule," a privacy mandate that requires certain organizations to develop and implement written identity theft prevention programs.
In late October, the FTC announced it had delayed the enforcement deadline for the rule to June 1, 2010 -- great news, but still not enough to placate the AICPA , the MACPA and other state societies that want CPAs exempted from the rule.
Now comes word that the profession is upping the ante.
The AICPA has filed a lawsuit that seeks to bar the FTC from the applying the rule CPAs. In the words of AICPA President and CEO Barry Melancon, here's why:
“We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered. As trusted advisors, CPAs are personally acquainted with their clients and already adhere to strict privacy requirements governing identifying information.”
The lawsuit was filed in the U.S. District Court for the District of Columbia. Read the complaint in its entirety.
We'll keep you posted about what happens next. In the meantime, check out these related that offer expanded looks at security and privacy:
- Security for Accountants: New Legal Requirements and Practical Solutions, Nov. 5 at the Columbia Center
- 2009 MACPA Technology Conference, Dec. 7 at the Sheraton Columbia Hotel
- FTC "Red Flag Rule" resources
- AICPA "Red Flag Rule" guidance
- "Preventing identity theft throughout the data life cycle," a JofA article written by Dr. Marilyn Prosch
- "Outsourcing and privacy: 10 critical questions top management should ask," a Statement article written by Prosch