Tuesday, June 9, 2009

Should the FTC regulate your firm?

In order to combat identity theft, the Federal Trade Commission issued regulations requiring, inter alia, financial institutions and creditors to develop and implement "written identity theft programs," as part of the Fair and Accurate Credit Transactions Act of 2003. In April 2009, the FTC informed the American Bar Association that it intends to require lawyers and law firms to abide by the rules because lawyers and law firms fall into the category of creditors under the law.

The "written identity theft programs" must provide for the identification, detection, and response to patterns, practices or specific activities that could indicate identity theft. The programs must describe responses that a firm would undertake to mitigate or prevent identity theft, and require management by senior employees of the firm.

Compliance with the FTC rules would undoubtedly be burdensome in time and expense for the legal community. In addition, the FTC rules threatens the autonomy of the legal profession, which is the only service provider that remains self-regulated and nearly free from federal oversight. But perhaps compliance with the FTC rules is a fair price for firms to pay to ensure the safety of their client's identity (bearing in mind that there have been no reported instances of identity theft arising from providing legal services).

In less than two months the Federal Trade Commission's "Red Flags Rule" will go into effect, which may mean yet more regulation of your law firm. NYCLA wants to know your opinion as to whether or not to endorse the "Red Flags Rule" regulations and get your views on a course of action to address the issue.

Please leave your comment by clicking the "Comment" link below.

No comments: