Inside Privacy - Updates on Developments in Global Privacy & Data Security

Last Friday, the U.S. Court of Appeals for the D.C. Circuit issued its opinion in litigation between the American Bar Association (ABA) and the Federal Trade Commission (FTC) over the scope of the FTC’s Red Flags rule.  The Court held the ABA's claims moot in light of recently-enacted legislation.   

The Red Flags rule requires covered entities to design and implement identity theft prevention programs.  In August 2009, the ABA challenged the FTC’s authority to enforce the rule with respect to attorneys.  In December 2010, Congress passed the Red Flag Program Clarification Act, which amended the definition of “creditor” in the underlying statute to limit the scope of the FTC’s rule.  We covered in previous blog posts the Act as well as supplemental briefs (here and here) filed by both parties arguing over the Act’s impact on the litigation.  The Court held that the ABA’s claims were now moot because the Act caused there to no longer be a case or controversy. 

The ABA’s claims for injunctive relief were premised on the original definition of “creditor” prior to passage of the Act.  The Court stated that “the policy, rule, and statute that gave rise to [the] suit are no longer in the same posture.”  The Court acknowledged that the FTC could promulgate new regulations seeking to subject attorneys to the Red Flags rule but dismissed it as a mere “hypothetical possibility” not giving rise to a live dispute. 

FTC Chairman Jon Leibowitz applauded the Court’s decision for vindicating the FTC’s contention that the case should be dismissed.

We recently covered the Red Flag Program Clarification Act of 2010 in a blog post and client alert.  The Act was intended to narrow the scope of the Federal Trade Commission’s Red Flags rule, which imposes requirements on creditors and financial institutions to detect and deter identity theft.  Prior to the Act’s passage, the American Bar Association had commenced litigation against the FTC regarding the rule’s application to attorneys.  The litigation is presently in the U.S. Court of Appeals for the District of Columbia Circuit, and in court papers filed on Friday, January 20, 2011, the FTC provided its initial interpretation of the Act’s impact on the rule. 

The FTC argued that the Act does not provide a blanket exemption for all attorneys, contrary to the ABA’s contention and the district court’s ruling.  Pursuant to the Act, an attorney could be subject to the Red Flags rule if he or she satisfies the definition of “creditor” under the Equal Credit Opportunity Act and regularly obtains consumer reports in connection with credit transactions, furnishes information to consumer reporting agencies in connection with credit transactions, or lends money to or on behalf of a person unless the loan is for expenses incidental to the services provided by the attorney.  In addition, the Act authorizes the FTC to subject any person to the rule if the FTC determines, by rulemaking, that the person “offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft.”  The FTC pointed to these two provisions, as well as the absence of legislative history supporting a blanket exemption for any profession, in arguing that the Act does not support the ABA’s position that attorneys should be categorically exempt from the rule. 

The ABA’s responsive brief is due on February 3, 2011.