With the November 1 compliance deadline looming, last Friday the FTC once again kicked the proverbial ID Theft Red Flags “can” down the road. Facing pressure from Members of Congress, the FTC made the decision to delay enforcement until June 1, 2010. The delay comes in spite of outreach efforts by the FTC to inform businesses of their legal obligations under the Red Flags Rule and to help them get their ID Theft Prevention program off the ground.

Just to be clear, the financial supervisory agencies (FDIC, FRB, OCC, OTS and NCUA) have been enforcing the Red Flags Rule for financial institutions for a while now. The FTC is tasked with enforcing the Red Flags Rule for companies that extend credit and are not already regulated by the financial supervisory agencies, which is a very large number of U.S. businesses. Think car dealerships, mortgage brokers, utilities, healthcare providers, etc. Prior to this latest delay, the FTC already pushed back enforcement twice because of confusion in the business community about who the Rule applies to.

The information these creditors tend to collect can be easily used to steal identities. And it’s no big secret that until the Red Flags Rule, there was no legal impetus for these businesses to implement safeguards to prevent ID theft. The continued delays by the FTC (and pushed for by Congress and lobbying groups), leave consumers exposed to undue risk that FACTA was intended to help remedy (by the way, FACTA was signed into law back in 2003). Fingers are crossed in hope that come June 1, 2010, the FTC will pick the can up and finally start enforcing the law.