Privacy is a central element of the FTC's consumer protection mission. In recent years, advances in computer technology have made it possible for detailed information about people to be compiled and shared more easily and cheaply than ever. That has produced many benefits for society as a whole and individual consumers. For example, it is easier for law enforcement to track down criminals, for banks to prevent fraud, and for consumers to learn about new products and services, allowing them to make better-informed purchasing decisions. At the same time, as personal information becomes more accessible, each of us - companies, associations, government agencies, and consumers - must take precautions to protect against the misuse of our information.
The Federal Trade Commission is educating consumers and businesses about the importance of personal information privacy, including the security of personal information. Under the FTC Act, the Commission guards against unfairness and deception by enforcing companies' privacy promises about how they collect, use and secure consumers' personal information. Under theGramm-Leach-Bliley Act, the Commission has implemented rules concerning financial privacynotices and the administrative, technical and physical safeguarding of personal information, and it aggressively enforces against pretexting. The Commission also protects consumer privacy under the Fair Credit Reporting Act and the Children's Online Privacy Protection Act. Use the topic links on the left to read more about our efforts in each of these areas, including what we've learned, and what you can do to protect the privacy of your personal information.
Click the links for more information about HIPAA and Red Flag Rules.
Wednesday, May 27, 2009
FTC and Privacy
Monday, May 4, 2009
The FTC has decided to grant an extension for complying with the Red Flag Rules to all companies, including medical practices, until August 1, 2009.
FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs
The Federal Trade Commission will delay enforcement of the new “Red Flags Rule” until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. For entities that have a low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the law. Today’s announcement does not affect other federal agencies’ enforcement of the original November 1, 2008 compliance deadline for institutions subject to their oversight.
“Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further,” FTC Chairman Jon Leibowitz said.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.
During outreach efforts last year, the FTC staff learned that some industries and
entities within the agency’s jurisdiction were uncertain about their coverage under the Red Flags Rule. During this time, FTC staff developed and published materials to help explain what types of entities are covered, and how they might develop their identity theft prevention programs. Among these materials were an alert on the Rule’s requirements,www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm, and a Web site with more resources to help covered entities design and implement identity theft prevention programs,www.ftc.gov/redflagsrule. The compliance template will be available on this Web site.The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.