Are You Ready for Brazil’s New Data Protection Law?
27 December 2018
The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on...
Blog: Chronicle of Data Protection | 03 December 2012
The FTC has issued an interim final rule to amend the Identity Theft “Red Flags Rule,” which requires certain “financial institutions” and “creditors” to develop and implement a written identity theft prevention program to identity, detect, and respond to possible incidents of identity theft. The interim rule amendment conforms the Red Flag’s Rule’s definition of “creditor”—which was originally so broad as to include virtually all businesses that accept deferred payment for goods or services, including law firms, medical practices, and others not typically considered “creditors”—with the narrower definition of that term set forth in the 2010 Red Flag Program Clarification Act (the “Clarification Act”). Congress passed the Clarification Act to limit the range of entities covered as “creditors” under the Red Flags Rule, and the interim final rule simply adopts the statute’s narrower definition. Under that definition, an entity will not qualify as a “creditor” within the meaning of the Red Flags Rules unless, in addition to accepting deferred payment for goods and services, it regularly and in the ordinary course of business: