As I have reported before, the FTC's Red Flag Rules regarding prevention of identity theft go into effect (allegedly) tomorrow, November 1. The Red Flag Rules have been supposed to go into effect multiple times before, only to be delayed. But since tomorrow is almost here, maybe they will indeed go into effect this time.
Another development is that Judge Reggie B. Walton of the United States District Court for the District of Columbia has ruled that the Red Flag Rules do not apply to law firms. The D.C. Court agreed with the American Bar Association, finding that the Federal Trade Commission's interpretation of the Fair and Accurate Credit Transactions Act (FACTA - the amendment to the FCRA passed a few years ago) was overreaching and its application to lawyers and law firms unreasonable.
The decision turned on FACTA's definition of creditor. Only creditors, as defined by FACTA, have to comply with the Red Flag Rules' requirements to attempt to prevent identity theft. The Red Flag Rules require creditors to adopt written identity theft prevention procedures.
The FTC argued that lawyers and law firms fall under the definition of "creditor" and thus have to comply with the Red Flag Rules. Unfortunately for the FTC's argument, it was a stretch to call a law firm a creditor and Judge Walton agreed. As a result, Judge Walton granted the ABA's motion for partial summary judgment. This also means I don't have to write identity theft prevention procedures by tomorrow.