How do you spell R-E-L-I-E-F?
or at least "temporary relief" as the CPA profession scored a partial victory in getting the FTC to delay the enforcement deadline of its "Red Flags Rule".
At the request of Congress, the FTC is delaying the enforcement deadline for the Red Flags Rule until June 1, 2010. The FTC announced the extension two days before the rule was to have gone into effect.
According to the FTC, the rule requires certain creditors and financial institutions "to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities -– known as “red flags” -- that could indicate identity theft."
With a hefty penalty of $3,500 per incident, this far-reaching new rule had many CPAs and small businesses concerned. The issue stems from the definition of "creditor" in the rule's language. It was so broad that it swept in professional services firms (CPAs) and all small businesses who do not collect fees at the point of sale.
Working collaboratively with the AICPA and many of our colleagues in other states, MACPA wrote to our congressional delegation and the FTC petitioning them to exempt CPAs. See our letter here Download MACPA Red Flags Rule Ltr to FTC. This has been a major discussion in our town hall meetings and we are pleased with the dealy by the FTC, we will continue our work to exempt CPAs completely.
Check out all of the developments and resources our editor, Bill Sheridan has gathered on our blog CPA Success. In the mean time, you can find out more about privacy protection and what it means for CPAs by listening to this MACPA podcast, featuring an interview with Marilyn Prosch, an associate professor in the Department of Information Systems Management at Arizona State University.
Want to learn more?
Here are a few other resources that offer expanded looks at security and privacy:
- Security for Accountants: New Legal Requirements and Practical Solutions, Nov. 5 at the Columbia Center
- 2009 MACPA Technology Conference, Dec. 7 at the Sheraton Columbia Hotel
- FTC "Red Flag Rule" resources
- AICPA "Red Flag Rule" guidance
- "Preventing identity theft throughout the data life cycle," a JofA article written by Prosch
- "Outsourcing and privacy: 10 critical questions top management should ask," a Statement article written by Prosch