As many attorneys are aware, a suit over the enforcement of the FTC's "red flags" rule is still making its way through the courts. This final decision on whether or not to include lawyers in the list of those who must develop programs to help identify the warning signs (the "red flags") of identity theft has not yet been made.
According to the ABA Governmental Affairs Office, the FTC first developed the red flags rule to be included in the Fair and Accurate Credit Transactions Act of 2003. The rule requires "creditors" to develop programs identifying, detecting, and responding to the red flags of identity theft. Among those described as creditors were professionals, including lawyers. The enforcement of the rule including lawyers was delayed twice.
The GAO reports the ABA filed suit against the FTC in the U.S. District Court for the District of Columbia on August 27, 2009. In October, the ABA's motion for summary judgment for declaratory and injunctive relief from the Rule's application to lawyers in American Bar Association v. Federal Trade Commission, was granted.
Currently, the enforcement of the rule has once again been delayed, pending the appeal by the FTC. According to the ABA, on September 7, the New York State Bar Association, along with 54 state and local bar associations, filed an amicus brief in support of the American Bar Association. ABA President Stephen N. Zack hailed the widespread support. "This is a critical issue to lawyers and their clients across the nation. For so many state and local bars to come together is extraordinary. The reason for this exceptional unity is because the idea of applying red flags to law practice is so clearly wrong-headed."
The briefs argue that the rule should not apply to lawyers for several reasons. First, the burden of the rule's requirement to develop such identity theft warning plans would fall disproportionately upon small law firms and solo practitioners. In addition, the bar associations would like to see the court keep the historical regulation of lawyer conduct at the state level. Finally, the briefs emphasized to the court the need to protect the "sacrosanct confidentiality of client financial information."