Red Flags Rule Legal Update

January 1, 2011

(Published in the New Hampshire Business Review, January 2011)

In early December 2010, a broad range of unsuspecting companies were required to comply with the Red Flags Rule and create an Identity Theft Prevention Program.  A week before Christmas, President Obama narrowed the reach of the Red Flags Rule and signed into law the “Red Flag Program Clarification Act of 2010.” 

The law limits the scope of the Red Flags Rule to creditors that regularly and in the ordinary course of business: (1) obtain or use consumer reports, directly or indirectly, in connection with a credit transaction; (2) furnish information to certain consumer reporting agencies in connection with a credit transaction; or (3) advance funds to or on behalf of a person, based on a person’s obligation to repay the funds or on repayment from specific property pledged by or on the person’s behalf.  The revised definition of “creditor” excludes creditors “that advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.”

As discussed in last month’s article, Moving Beyond Data Security: Identity Theft Prevention Program Required, Dan’s small engine repair shop was the type of business to which the Red Flags Rule would apply.  The exclusion in the new law likely applies to companies like Dan’s.  Currently, the FTC is revising its materials and may add more specific regulations for creditors that maintain accounts that are subject to a reasonably foreseeable risk of identity theft. 

Neil B. Nicholson is an attorney at the law firm of McLane, Graf, Raulerson & Middleton, P.A.  Neil can be reached at 603-628-1483 or  The McLane Law Firm is the largest law firm in the State of New Hampshire, with offices in Manchester, Concord, and Portsmouth, NH, and Woburn, MA.