The AICPA’s suit, filed on behalf of its members on November 10, 1009, charged in part that the FTC exceeded its statutory authority by extending the rule to regulate accountants and public accounting firms. The AICPA said that “it did not believe there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered.” That suit is now linked to the outcome of the appeal of the ABA ruling. AICPA members have been granted a 90-day grace period – a 90-day delay of enforcement of the rule – from the date on which the U.S. Court of Appeals for the District of Columbia Circuit renders an opinion in the ABA’s case against the FTC.
On May 28, 2010, the FTC announced that it again delayed the implementation until December 31, 2010 of a proposed Final Rule relating to Identity Theft Red Flags under the Fair and Accurate Credit Transactions Act of 2003. The proposed “Red Flags” rule is designed to help prevent identity theft among credit providers and financial institutions.