Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Cybersecurity & Data Breaches

District Court Rules that Red Flags Rule Doesn’t Apply to Lawyers

As reported in the blog of the American Bar Association Section of Antitrust Law Privacy and Information Security Committee:

Judge Reggie Walton of the U.S. District Court for the District of Columbia ruled today that the FTC cannot force practicing lawyers to comply with Red Flags Rule.

With the November 1st enforcement date for the Red Flags Rule looming, the court’s ruling for now eliminates uncertainty for lawyers, who the FTC had argued should be covered because among other things, billing on a monthly basis made them “creditors” under the Rule.  The ABA had argued that Congress did not intend to subject lawyers to FTC regulation (an area traditionally left to the States) and that the extension of the Rule to lawyer billing practices was overly-broad.  Judge Walton’s oral ruling appeared to agree with the ABA arguments.  Whether or not the FTC will appeal remains to be seen, but given the fact that it did so in the case involving the applicability of the Gramm-Leach-Bliley to lawyers suggests that it will.  See ABA v. FTC,  430 F.3d 457 (D.C. Cir. 2005).