The enforcement date for the FTC "Red Flag Rule" to prevent identity theft has been extended until November 1, 2009 in order to give businesses more time to understand the rule and take steps to comply. The rule applies to any entity under FTC jurisdiction that is a "creditor" or "financial institution" and which maintains customer accounts which extend credit through post-paid arrangement. This would include a VoIP provider that bills monthly after the fact, for example. For those subject to the rule, they must take steps outlined by the FTC to allow them to look for "red flags" which might indicate identity theft from their customer information. Click here for more information. The rule should be taken seriously, both because FTC enforcement action can be taken against companies who fail to comply, and because failure to comply might create follow-on civil liability in class action or consumer lawsuits. Additional information about the Red Flag Rule is also available on Kelley Drye’s Advertising Law blog.