Red Flags ID Theft Program Delayed (Again)
Last week, the Federal Trade Commission (FTC) announced that it is delaying — for the third time in less than a year — the deadline for companies to comply with the Red Flags rule. The law was originally to go into effect on November 1, 2008, but was delayed until May 1, 2009. Then, it was announced that the deadline would be pushed back to August 1, 2009. And, for the third time, it was delayed until November 1, 2009.
The delay? The challenge of compliance. You may have seen our previous guest post from John Carlson, Senior Vice President of BITS/Financial Services Roundtable, where he mentions that many BITS/FS Roundtable member companies took more than 2,600 hours on average to comply with these new requirements. 2,600 hours! That comes out to be about 108 days. Wow. What can an organization do in 108 days? Plenty.
As Mr. Carlson noted in his post, in early July 2009, BITS submitted a comment letter to the OCC revealing significantly higher compliance burden estimates. The letter was based on the results of a June 2009 survey of eleven Roundtable/BITS. The average amount of time spent on a “red flags” program was 2,650 hours, with a low of 250 hours and a high of 5,000 hours. 5,000 hours was the peak. Wow.
What do you all think of this?

From LinkedIn:
Betsy Broder and the FTC know that there is no way companies will spend that much time on it! In 2006 she was quoted in the ABA Journal saying that “We’re not looking for a perfect system. But we need to see that you’ve taken responsible steps to protect your customers’ information.”
The main thing according to them: “All businesses need to have a written plan describing how customer data will be safeguarded and a staff member or company officer designated to be responsible for implementing that plan and train the employees”
From LinkedIn:
I find 2600 hours a bit hard to believe unless it is a complex hospital system that hasn’t complied with HIPAA either.