This is starting to resemble 404(b) compliance for small companies. The Federal Trade Commission has once again delayed the enforcement of the Red Flags Rules, which would require financial and other "creditor" companies to implement anti-identity theft (identity theft news) policies as laid out by the Fair and Accurate Credit Transactions Act, which went into effect in January 2008. Companies now have until Dec. 21, 2010.

This marks the fifth time the government has extended the deadline for certain industries to implement the rules. Physicians are breathing easier. The delay came one day before they would have been required to comply. The American Medical Association and other healthcare concerns had lobbied for a reprieve, one that it and other lobbyists would like to make permanent. Several Congressmen are likeminded, and we'll likely see some rules crafted that will exempt medical industries. Some have argued that the rules were intended for banks and other financial firms but were written too broadly.

Related Articles:
Case study: Wells Fargo and ID fraud
Are you in compliance with the ID Theft Red Flags law?
Update: 404(b) compliance for small companies