Identity Theft Rules, 63604-63606 [2018-26609]

Download as PDF 63604 Federal Register / Vol. 83, No. 237 / Tuesday, December 11, 2018 / Proposed Rules VOR are VOR Federal airways V–113, V–137, V–485. With the planned decommissioning of the Priest VOR, the remaining groundbased NAVAID coverage in the area is insufficient to enable the continuity of the affected airways. As such, proposed modifications to V–113, V–137, and V– 485 would result in gaps in the route structures. To overcome the gap in V–113, instrument flight rules (IFR) traffic could use adjacent VOR Federal airways V–248 and V–107 between the Paso Robles, CA, VORTAC and the Panoche, CA, VORTAC. V–137 is proposed to terminate at the Avenal, CA, VOR/DME instead of the Salinas, CA, VORTAC (current route termination point). Alternate course to reach the Salinas, CA, VORTAC is to file V–248. V- 485 is proposed to terminate at the Fellows, CA, VOR/DME instead of the San Jose, CA, VOR/DME (current route termination point). Alternate course to reach San Jose, CA, VOR/DME is to file V–25. Additionally, ATS route T–333 is proposed to be extended as part of another rulemaking action that will mitigate the loss of V–485. Lastly, IFR traffic could file point to point through the affected area using fixes that will remain in place, or receive air traffic control (ATC) radar vectors through the area. Visual flight rules pilots who elect to navigate via the airways through the affected area could also take advantage of the adjacent VOR Federal airways or ATC services listed previously. amozie on DSK3GDR082PROD with PROPOSALS1 The Proposal The FAA is proposing an amendment to Title 14 Code of Federal Regulations (14 CFR) part 71 to modify Domestic VOR Federal Airways (V–113, V–137 and V–485). The proposed route changes are outlined below. V–113: V–113 currently extends between the Morro Bay, CA, VORTAC to the Lewistown, MT, VOR/DME. The FAA plans to delete the segment between the Paso Robles, CA, VORTAC and the Panoche, CA, VORTAC causing a gap in the route. The new route will stop at the Paso Robles, CA, VORTAC and resume at the Panoche, CA, VORTAC. The unaffected portion of the existing route will remain as charted. V–137: V–137 currently extends between Mexicali, Mexico via the Imperial, CA, VORTAC to the Salinas, CA, VORTAC. The FAA plans to delete the segment between the Avenal, CA, VOR/DME and the Salinas, CA, VORTAC. The new route will end at the Avenal, CA, VOR/DME. The unaffected VerDate Sep<11>2014 17:07 Dec 10, 2018 Jkt 247001 portion of the existing route will remain as charted. V–485: V–485 currently extends between the Ventura, CA, VOR/DME to the San Jose, CA, VOR/DME. The FAA plans to delete the segment between the Fellows, CA, VOR/DME and the San Jose, CA, VOR/DME. The new route will end at the Fellows, CA, VOR/DME. The unaffected portion of the existing route will remain as charted. Domestic VOR Federal Airways in paragraph 6010 of FAA Order 7400.11C dated August 13, 2018, and effective September 15, 2018, which is incorporated by reference in 14 CFR 71.1. The Domestic VOR Federal Airways listed in this document will be subsequently published in the Order. Regulatory Notices and Analyses The FAA has determined that this proposed regulation only involves an established body of technical regulations for which frequent and routine amendments are necessary to keep them operationally current. It, therefore: (1) Is not a ‘‘significant regulatory action’’ under Executive Order 12866; (2) is not a ‘‘significant rule’’ under Department of Transportation (DOT) Regulatory Policies and Procedures (44 FR 11034; February 26, 1979); and (3) does not warrant preparation of a regulatory evaluation as the anticipated impact is so minimal. Since this is a routine matter that will only affect air traffic procedures and air navigation, it is certified that this proposed rule, when promulgated, will not have a significant economic impact on a substantial number of small entities under the criteria of the Regulatory Flexibility Act. Environmental Review This proposal will be subject to an environmental analysis in accordance with FAA Order 1050.1F, ‘‘Environmental Impacts: Policies and Procedures’’ prior to any FAA final regulatory action. List of Subjects in 14 CFR Part 71 Airspace, Incorporation by reference, Navigation (air). The Proposed Amendment In consideration of the foregoing, the Federal Aviation Administration proposes to amend 14 CFR part 71 as follows: PART 71—DESIGNATION OF CLASS A, B, C, D, AND E AIRSPACE AREAS; AIR TRAFFIC SERVICE ROUTES; AND REPORTING POINTS 1. The authority citation for part 71 continues to read as follows: ■ PO 00000 Frm 00011 Fmt 4702 Sfmt 4702 Authority: 49 U.S.C. 106(f), 106(g); 40103, 40113, 40120; E.O. 10854, 24 FR 9565, 3 CFR, 1959–1963 Comp., p. 389. § 71.1 [Amended] 2. The incorporation by reference in 14 CFR 71.1 of FAA Order 7400.11C, Airspace Designations and Reporting Points, dated August 13, 2018 and effective September 15, 2018, is amended as follows: ■ Paragraph 6010(a) Airways Domestic VOR Federal V–113 (Amended) From Morro Bay, CA; to Paso Robles, CA. From Panoche, CA; to Linden, CA; INT Linden 046°(T) 029°(M) and Mustang, NV, 208°(T) 192°(M) radials; Mustang; 42 miles, 24 miles, 115 MSL, 95 MSL, Sod House, NV; 67 miles, 95 MSL, 85 MSL, Rome, OR; 61 miles, 85 MSL, Boise, ID; Salmon, ID; Coppertown, MT; Helena, MT; to Lewistown, MT. * * * * * V–137 (Amended) From Mexicali, Mexico; via Imperial, CA; INT Imperial 350°(T) 336°(M) and Thermal, CA 144°(T) 131°(M) radials; Palm Springs, CA; Palmdale, CA; Gorman, CA; Avenal, CA. The airspace within Mexico is excluded. * * * * * V–485 (Amended) From Ventura, CA; to Fellows, CA. The airspace within W–289 and R–2519 more than three (3) statute miles west of the airway centerline and the airspace within R–2519 below 5,000 feet MSL is excluded. Issued in Washington, DC, on December 3, 2018. Rodger A. Dean Jr., Manager, Airspace Policy Group. [FR Doc. 2018–26679 Filed 12–10–18; 8:45 am] BILLING CODE 4910–13–P FEDERAL TRADE COMMISSION 16 CFR Part 681 RIN 3084–AB50 Identity Theft Rules Federal Trade Commission. Request for public comment. AGENCY: ACTION: The Federal Trade Commission (‘‘FTC’’ or ‘‘Commission’’) requests public comment on its Identity Theft Rules. The Commission is soliciting comment as part of the FTC’s systematic review of all current Commission regulations and guides. DATES: Comments must be received on or before February 11, 2019. ADDRESSES: Interested parties may file a comment online or on paper by: • Online: Write ‘‘Identity Theft Rules, 16 CFR part 681, Project No. 188402’’ on SUMMARY: E:\FR\FM\11DEP1.SGM 11DEP1 Federal Register / Vol. 83, No. 237 / Tuesday, December 11, 2018 / Proposed Rules your comment and file your comment at https://ftcpublic.commentworks.com/ ftc/identitytheftrulesreview by following the instructions on the web-based form. • Paper: Write ‘‘Identity Theft Rules, 16 CFR part 681, Project No. 188402’’ on your comment and on the envelope and mail your comment to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite CC– 5610 (Annex B), Washington, DC 20580, or deliver your comment to the following address: Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW, 5th Floor, Suite 5610 (Annex B), Washington, DC 20024. See the Instructions for Submitting Comments part of the SUPPLEMENTARY INFORMATION section below for additional information. FOR FURTHER INFORMATION CONTACT: Stacy Procter, Western Region—Los Angeles Office, Bureau of Consumer Protection, Federal Trade Commission, 10990 Wilshire Blvd., Suite 400, Los Angeles, CA 90024, (310) 824–4300, or Amanda Koulousias, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580, (202) 326– 3334. SUPPLEMENTARY INFORMATION: amozie on DSK3GDR082PROD with PROPOSALS1 I. Background The Fair and Accurate Credit Transactions Act (‘‘FACTA’’) was enacted in December 2003.1 Section 114 of FACTA amended section 615 of the Fair Credit Reporting Act (‘‘FCRA’’) and required the Commission and other federal agencies to establish and maintain guidelines for financial institutions and creditors to identify patterns, practices and activities that might indicate identity theft.2 FACTA also required the Commission and other federal agencies to prescribe regulations requiring financial institutions and creditors to establish reasonable policies and procedures for implementing the established guidelines.3 In addition, FACTA required the Commission and other federal agencies to prescribe regulations requiring debit and credit 1 Public Law 108–159, 117 Stat. 1952 (codified as amended at 15 U.S.C. 1681–1681x). 2 15 U.S.C. 1681m(e)(1)(A), (e)(2). The other federal agencies include the Federal banking agencies, the National Credit Union Administration, the Commodity Futures Trading Commission (‘‘CFTC’’) and the Securities and Exchange Commission (‘‘SEC’’). The CFTC and SEC obtained regulatory authority in July 2010 pursuant to the Dodd Frank Wall Street Reform and Consumer Protection Act. Public Law 111–203, 124 Stat. 1376–2223. 3 15 U.S.C. 1681m(e)(1)(B). VerDate Sep<11>2014 17:07 Dec 10, 2018 Jkt 247001 card issuers to validate notifications of changes of address under certain situations.4 In November 2007, the Commission and banking agencies published final rules and guidelines implementing the red flags provisions of section 615 of the FCRA.5 These rules include the duties regarding the detection, prevention, and mitigation of identity theft (‘‘Red Flags Rule’’) 6 and the duties of card issuers regarding changes of address (‘‘Card Issuers Rule’’) 7 (collectively, the ‘‘Identity Theft Rules’’ or ‘‘Rules’’). In December 2010, the President signed the Red Flag Program Clarification Act (‘‘Clarification Act’’), which narrowed the scope of entities covered as a ‘‘creditor’’ under the Red Flags Rule.8 The Clarification Act also empowers the Commission and other federal agencies to determine through rulemaking whether any other type of creditor should be subject to the Red Flags Rule based on whether such creditor offers or maintains accounts with a reasonably foreseeable risk of identity theft.9 The Red Flags Rule requires each ‘‘financial institution’’ and ‘‘creditor’’ subject to the Commission’s enforcement authority to periodically determine whether it maintains ‘‘covered accounts,’’ and to develop and maintain a written Identity Theft Prevention Program (‘‘Program’’) to detect, prevent and mitigate identity theft in connection with the opening or existence of any ‘‘covered account.’’ 10 Financial institutions or creditors that are required to implement a Program must administer the Program in accordance with the Red Flags Rule, consider the guidelines set forth in appendix A, and include in their Program those guidelines that are appropriate.11 The Card Issuers Rule requires that debit or credit card issuers establish and implement reasonable policies and procedures to assess the validity of a change of address request if, within a short period of time after receiving the request, the card issuer receives a request for an additional or replacement card for the same 4 15 U.S.C. 1681m(e)(1)(C). FR 63718. 6 16 CFR 681.1. 7 16 CFR 681.2. 8 Public Law 111–319, 124 Stat. 3457 (codified at 15 U.S.C. 1681m(e)(4)). The Clarification Act retains the definition of ‘‘creditor’’ from section 702 of the Equal Credit Opportunity Act (‘‘ECOA’’), 15 U.S.C. 1691a, but generally limits application of the Red Flags Rule to ECOA creditors that engage in certain conduct regularly and in the ordinary course of business. 9 15 U.S.C. 1681m(e)(4)(C). 10 16 CFR 681.1(c)–(d). 11 16 CFR 681.1(e)–(f). 5 72 PO 00000 Frm 00012 Fmt 4702 Sfmt 4702 63605 account.12 The Card Issuers Rule further prohibits a card issuer from issuing an additional or replacement card until it has (1) notified the cardholder of the request and provided a reasonable means for the cardholder to promptly report an incorrect address change, or (2) otherwise assessed the validity of the address change.13 Card issuers within the FTC’s jurisdiction include, for example, state credit unions, general retail merchandise stores, colleges and universities, and telecoms. II. Regulatory Review of the Identity Theft Rules The Commission periodically reviews all of its rules and guides. These reviews seek information about the costs and benefits of the agency’s rules and guides, and their regulatory and economic impact. The information obtained assists the Commission in identifying those rules and guides that warrant modification or rescission. Therefore, the Commission solicits comments on, among other things, the economic impact and benefits of the Identity Theft Rules; possible conflict between the Identity Theft Rules and state, local, or other federal laws or regulations; and the effect on the Identity Theft Rules of any technological, economic, or other industry changes. III. Issues for Comment The Commission requests written comment on any or all of the following questions. These questions are designed to assist the public and should not be construed as a limitation on the issues about which public comments may be submitted. The Commission requests that responses to its questions be as specific as possible, including a reference to the question being answered, and refer to empirical data or other evidence upon which the comment is based whenever available and appropriate. A. General Issues 1. Is there a continuing need for specific provisions of the Rules? Why or why not? 2. What benefits have the Rules provided to consumers? What evidence supports the asserted benefits? 3. What modifications, if any, should be made to the Rules to increase the benefits to consumers? a. What evidence supports the proposed modifications? 12 16 13 CFR 681.2(c). Id. E:\FR\FM\11DEP1.SGM 11DEP1 63606 Federal Register / Vol. 83, No. 237 / Tuesday, December 11, 2018 / Proposed Rules amozie on DSK3GDR082PROD with PROPOSALS1 b. How would these modifications affect the costs the Rules impose on businesses, including small businesses? 4. What significant costs, if any, have the Rules imposed on consumers? What evidence supports the asserted costs? 5. What modifications, if any, should be made to the Rules to reduce any costs imposed on consumers? a. What evidence supports the proposed modifications? b. How would these modifications affect the benefits provided by the Rules? 6. What benefits, if any, have the Rules provided to businesses, including small businesses? What evidence supports the asserted benefits? 7. What modifications, if any, should be made to the Rules to increase their benefits to businesses, including small businesses? a. What evidence supports the proposed modifications? b. How would these modifications affect the costs the Rules impose on businesses, including small businesses? c. How would these modifications affect the benefits to consumers? 8. What significant costs, if any, including costs of compliance, have the Rules imposed on businesses, including small businesses? What evidence supports the asserted costs? 9. What modifications, if any, should be made to the Rules to reduce the costs imposed on businesses, including small businesses? a. What evidence supports the proposed modifications? b. How would these modifications affect the benefits provided by the Rules? 10. What evidence is available concerning the degree of industry compliance with the Rules? 11. What modifications, if any, should be made to the Rules to account for changes in relevant technology or economic conditions? What evidence supports the proposed modifications? 12. Do the Rules overlap or conflict with other federal, state, or local laws or regulations? If so, how? a. What evidence supports the asserted conflicts? b. With reference to the asserted conflicts, should the Rules be modified? If so, why, and how? If not, why not? B. Specific Issues 1. Do the guidelines in appendix A of the Red Flags Rule need updating? If so, what updates should be made? a. What evidence supports the proposed modification? b. [Reserved] 2. The Red Flags Rule covers creditors that regularly and in the ordinary course VerDate Sep<11>2014 17:07 Dec 10, 2018 Jkt 247001 of business: (1) Obtain or use consumer reports in connection with a credit transaction; (2) furnish information to consumer reporting agencies in connection with a credit transaction; or (3) advance funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person, unless the expenses for which the funds are advanced are incidental to a service the creditor provides to that person. Is there any other type of creditor that is not subject to the Red Flags Rule that offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft? a. If so, what type of creditor and what evidence supports that conclusion? b. [Reserved] IV. Instructions for Submitting Comments You can file a comment online or on paper. For the Commission to consider your comment, we must receive it on or before February 11, 2019. Write ‘‘Identity Theft Rules, 16 CFR part 681, Project No. 188402’’ on the comment. Your comment, including your name and your state, will be placed on the public record of this proceeding, including, to the extent practicable, on the public Commission website, at https://www.ftc.gov/policy/publiccomments. As a matter of discretion, the Commission tries to remove individuals’ home contact information from comments before placing them on the Commission website. Because your comment will be made public, you are solely responsible for making sure that your comment does not include any sensitive personal information, such as a Social Security number, date of birth, driver’s license number or other state identification number or foreign country equivalent, passport number, financial account number, or payment card number. You are also solely responsible for making sure that your comment does not include any sensitive health information, such as medical records or other individually identifiable health information. In addition, do not include any ‘‘[t]rade secret or any commercial or financial information which is . . . privileged or confidential,’’ as discussed in Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2). In particular, do not include competitively sensitive information such as costs, sales statistics, inventories, formulas, patterns, devices, manufacturing processes, or customer names. PO 00000 Frm 00013 Fmt 4702 Sfmt 9990 If you want the Commission to give your comment confidential treatment, you must file it in paper form, with a request for confidential treatment, and you must follow the procedure explained in FTC Rule 4.9(c), 16 CFR 4.9(c). In particular, the written request for confidential treatment that accompanies the comment must include the factual and legal basis for the request, and must identify the specific portions of the comments to be withheld from the public record. Your comment will be kept confidential only if the FTC General Counsel grants your request in accordance with the law and the public interest. Postal mail addressed to the Commission is subject to delay due to heightened security screening. As a result, we encourage you to submit your comment online. To make sure that the Commission considers your online comment, you must file it at https:// ftcpublic.commentworks.com/ftc/ identitytheftrulesreview by following the instructions on the web-based form. If this document appears at https:// www.regulations.gov, you also may file a comment through that website. If you file your comment on paper, write ‘‘Identity Theft Rules, 16 CFR part 681, Project No. 188402’’ on your comment and on the envelope, and mail your comment to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite CC–5610 (Annex B), Washington, DC 20580, or deliver your comment to the following address: Federal Trade Commission, Office of the Secretary, Constitution Center, 400 7th Street SW, 5th Floor, Suite 5610 (Annex B), Washington, DC 20024. Visit the Commission website at https://www.ftc.gov to read this document and the news release describing it. The FTC Act and other laws that the Commission administers permit the collection of public comments to consider and use in this proceeding as appropriate. The Commission will consider all timely and responsive public comments that it receives on or before February 11, 2019. For information on the Commission’s privacy policy, including routine uses permitted by the Privacy Act, see https://www.ftc.gov/site-information/ privacy-policy. By direction of the Commission. Donald S. Clark, Secretary. [FR Doc. 2018–26609 Filed 12–10–18; 8:45 am] BILLING CODE 6750–01–P E:\FR\FM\11DEP1.SGM 11DEP1

Agencies

[Federal Register Volume 83, Number 237 (Tuesday, December 11, 2018)]
[Proposed Rules]
[Pages 63604-63606]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-26609]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION

16 CFR Part 681

RIN 3084-AB50


Identity Theft Rules

AGENCY: Federal Trade Commission.

ACTION: Request for public comment.

-----------------------------------------------------------------------

SUMMARY: The Federal Trade Commission (``FTC'' or ``Commission'') 
requests public comment on its Identity Theft Rules. The Commission is 
soliciting comment as part of the FTC's systematic review of all 
current Commission regulations and guides.

DATES: Comments must be received on or before February 11, 2019.

ADDRESSES: Interested parties may file a comment online or on paper by:
     Online: Write ``Identity Theft Rules, 16 CFR part 681, 
Project No. 188402'' on

[[Page 63605]]

your comment and file your comment at https://ftcpublic.commentworks.com/ftc/identitytheftrulesreview by following 
the instructions on the web-based form.
     Paper: Write ``Identity Theft Rules, 16 CFR part 681, 
Project No. 188402'' on your comment and on the envelope and mail your 
comment to the following address: Federal Trade Commission, Office of 
the Secretary, 600 Pennsylvania Avenue NW, Suite CC-5610 (Annex B), 
Washington, DC 20580, or deliver your comment to the following address: 
Federal Trade Commission, Office of the Secretary, Constitution Center, 
400 7th Street SW, 5th Floor, Suite 5610 (Annex B), Washington, DC 
20024.
    See the Instructions for Submitting Comments part of the 
SUPPLEMENTARY INFORMATION section below for additional information.

FOR FURTHER INFORMATION CONTACT: Stacy Procter, Western Region--Los 
Angeles Office, Bureau of Consumer Protection, Federal Trade 
Commission, 10990 Wilshire Blvd., Suite 400, Los Angeles, CA 90024, 
(310) 824-4300, or Amanda Koulousias, Division of Privacy and Identity 
Protection, Bureau of Consumer Protection, Federal Trade Commission, 
600 Pennsylvania Avenue NW, Washington, DC 20580, (202) 326-3334.

SUPPLEMENTARY INFORMATION:

I. Background

    The Fair and Accurate Credit Transactions Act (``FACTA'') was 
enacted in December 2003.\1\ Section 114 of FACTA amended section 615 
of the Fair Credit Reporting Act (``FCRA'') and required the Commission 
and other federal agencies to establish and maintain guidelines for 
financial institutions and creditors to identify patterns, practices 
and activities that might indicate identity theft.\2\ FACTA also 
required the Commission and other federal agencies to prescribe 
regulations requiring financial institutions and creditors to establish 
reasonable policies and procedures for implementing the established 
guidelines.\3\ In addition, FACTA required the Commission and other 
federal agencies to prescribe regulations requiring debit and credit 
card issuers to validate notifications of changes of address under 
certain situations.\4\
---------------------------------------------------------------------------

    \1\ Public Law 108-159, 117 Stat. 1952 (codified as amended at 
15 U.S.C. 1681-1681x).
    \2\ 15 U.S.C. 1681m(e)(1)(A), (e)(2). The other federal agencies 
include the Federal banking agencies, the National Credit Union 
Administration, the Commodity Futures Trading Commission (``CFTC'') 
and the Securities and Exchange Commission (``SEC''). The CFTC and 
SEC obtained regulatory authority in July 2010 pursuant to the Dodd 
Frank Wall Street Reform and Consumer Protection Act. Public Law 
111-203, 124 Stat. 1376-2223.
    \3\ 15 U.S.C. 1681m(e)(1)(B).
    \4\ 15 U.S.C. 1681m(e)(1)(C).
---------------------------------------------------------------------------

    In November 2007, the Commission and banking agencies published 
final rules and guidelines implementing the red flags provisions of 
section 615 of the FCRA.\5\ These rules include the duties regarding 
the detection, prevention, and mitigation of identity theft (``Red 
Flags Rule'') \6\ and the duties of card issuers regarding changes of 
address (``Card Issuers Rule'') \7\ (collectively, the ``Identity Theft 
Rules'' or ``Rules''). In December 2010, the President signed the Red 
Flag Program Clarification Act (``Clarification Act''), which narrowed 
the scope of entities covered as a ``creditor'' under the Red Flags 
Rule.\8\ The Clarification Act also empowers the Commission and other 
federal agencies to determine through rulemaking whether any other type 
of creditor should be subject to the Red Flags Rule based on whether 
such creditor offers or maintains accounts with a reasonably 
foreseeable risk of identity theft.\9\
---------------------------------------------------------------------------

    \5\ 72 FR 63718.
    \6\ 16 CFR 681.1.
    \7\ 16 CFR 681.2.
    \8\ Public Law 111-319, 124 Stat. 3457 (codified at 15 U.S.C. 
1681m(e)(4)). The Clarification Act retains the definition of 
``creditor'' from section 702 of the Equal Credit Opportunity Act 
(``ECOA''), 15 U.S.C. 1691a, but generally limits application of the 
Red Flags Rule to ECOA creditors that engage in certain conduct 
regularly and in the ordinary course of business.
    \9\ 15 U.S.C. 1681m(e)(4)(C).
---------------------------------------------------------------------------

    The Red Flags Rule requires each ``financial institution'' and 
``creditor'' subject to the Commission's enforcement authority to 
periodically determine whether it maintains ``covered accounts,'' and 
to develop and maintain a written Identity Theft Prevention Program 
(``Program'') to detect, prevent and mitigate identity theft in 
connection with the opening or existence of any ``covered account.'' 
\10\ Financial institutions or creditors that are required to implement 
a Program must administer the Program in accordance with the Red Flags 
Rule, consider the guidelines set forth in appendix A, and include in 
their Program those guidelines that are appropriate.\11\ The Card 
Issuers Rule requires that debit or credit card issuers establish and 
implement reasonable policies and procedures to assess the validity of 
a change of address request if, within a short period of time after 
receiving the request, the card issuer receives a request for an 
additional or replacement card for the same account.\12\ The Card 
Issuers Rule further prohibits a card issuer from issuing an additional 
or replacement card until it has (1) notified the cardholder of the 
request and provided a reasonable means for the cardholder to promptly 
report an incorrect address change, or (2) otherwise assessed the 
validity of the address change.\13\ Card issuers within the FTC's 
jurisdiction include, for example, state credit unions, general retail 
merchandise stores, colleges and universities, and telecoms.
---------------------------------------------------------------------------

    \10\ 16 CFR 681.1(c)-(d).
    \11\ 16 CFR 681.1(e)-(f).
    \12\ 16 CFR 681.2(c).
    \13\ Id.
---------------------------------------------------------------------------

II. Regulatory Review of the Identity Theft Rules

    The Commission periodically reviews all of its rules and guides. 
These reviews seek information about the costs and benefits of the 
agency's rules and guides, and their regulatory and economic impact. 
The information obtained assists the Commission in identifying those 
rules and guides that warrant modification or rescission. Therefore, 
the Commission solicits comments on, among other things, the economic 
impact and benefits of the Identity Theft Rules; possible conflict 
between the Identity Theft Rules and state, local, or other federal 
laws or regulations; and the effect on the Identity Theft Rules of any 
technological, economic, or other industry changes.

III. Issues for Comment

    The Commission requests written comment on any or all of the 
following questions. These questions are designed to assist the public 
and should not be construed as a limitation on the issues about which 
public comments may be submitted. The Commission requests that 
responses to its questions be as specific as possible, including a 
reference to the question being answered, and refer to empirical data 
or other evidence upon which the comment is based whenever available 
and appropriate.

A. General Issues

    1. Is there a continuing need for specific provisions of the Rules? 
Why or why not?
    2. What benefits have the Rules provided to consumers? What 
evidence supports the asserted benefits?
    3. What modifications, if any, should be made to the Rules to 
increase the benefits to consumers?
    a. What evidence supports the proposed modifications?

[[Page 63606]]

    b. How would these modifications affect the costs the Rules impose 
on businesses, including small businesses?
    4. What significant costs, if any, have the Rules imposed on 
consumers? What evidence supports the asserted costs?
    5. What modifications, if any, should be made to the Rules to 
reduce any costs imposed on consumers?
    a. What evidence supports the proposed modifications?
    b. How would these modifications affect the benefits provided by 
the Rules?
    6. What benefits, if any, have the Rules provided to businesses, 
including small businesses? What evidence supports the asserted 
benefits?
    7. What modifications, if any, should be made to the Rules to 
increase their benefits to businesses, including small businesses?
    a. What evidence supports the proposed modifications?
    b. How would these modifications affect the costs the Rules impose 
on businesses, including small businesses?
    c. How would these modifications affect the benefits to consumers?
    8. What significant costs, if any, including costs of compliance, 
have the Rules imposed on businesses, including small businesses? What 
evidence supports the asserted costs?
    9. What modifications, if any, should be made to the Rules to 
reduce the costs imposed on businesses, including small businesses?
    a. What evidence supports the proposed modifications?
    b. How would these modifications affect the benefits provided by 
the Rules?
    10. What evidence is available concerning the degree of industry 
compliance with the Rules?
    11. What modifications, if any, should be made to the Rules to 
account for changes in relevant technology or economic conditions? What 
evidence supports the proposed modifications?
    12. Do the Rules overlap or conflict with other federal, state, or 
local laws or regulations? If so, how?
    a. What evidence supports the asserted conflicts?
    b. With reference to the asserted conflicts, should the Rules be 
modified? If so, why, and how? If not, why not?

B. Specific Issues

    1. Do the guidelines in appendix A of the Red Flags Rule need 
updating? If so, what updates should be made?
    a. What evidence supports the proposed modification?
    b. [Reserved]
    2. The Red Flags Rule covers creditors that regularly and in the 
ordinary course of business: (1) Obtain or use consumer reports in 
connection with a credit transaction; (2) furnish information to 
consumer reporting agencies in connection with a credit transaction; or 
(3) advance funds to or on behalf of a person, based on an obligation 
of the person to repay the funds or repayable from specific property 
pledged by or on behalf of the person, unless the expenses for which 
the funds are advanced are incidental to a service the creditor 
provides to that person. Is there any other type of creditor that is 
not subject to the Red Flags Rule that offers or maintains accounts 
that are subject to a reasonably foreseeable risk of identity theft?
    a. If so, what type of creditor and what evidence supports that 
conclusion?
    b. [Reserved]

IV. Instructions for Submitting Comments

    You can file a comment online or on paper. For the Commission to 
consider your comment, we must receive it on or before February 11, 
2019. Write ``Identity Theft Rules, 16 CFR part 681, Project No. 
188402'' on the comment. Your comment, including your name and your 
state, will be placed on the public record of this proceeding, 
including, to the extent practicable, on the public Commission website, 
at https://www.ftc.gov/policy/public-comments. As a matter of 
discretion, the Commission tries to remove individuals' home contact 
information from comments before placing them on the Commission 
website. Because your comment will be made public, you are solely 
responsible for making sure that your comment does not include any 
sensitive personal information, such as a Social Security number, date 
of birth, driver's license number or other state identification number 
or foreign country equivalent, passport number, financial account 
number, or payment card number. You are also solely responsible for 
making sure that your comment does not include any sensitive health 
information, such as medical records or other individually identifiable 
health information.
    In addition, do not include any ``[t]rade secret or any commercial 
or financial information which is . . . privileged or confidential,'' 
as discussed in Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC 
Rule 4.10(a)(2), 16 CFR 4.10(a)(2). In particular, do not include 
competitively sensitive information such as costs, sales statistics, 
inventories, formulas, patterns, devices, manufacturing processes, or 
customer names.
    If you want the Commission to give your comment confidential 
treatment, you must file it in paper form, with a request for 
confidential treatment, and you must follow the procedure explained in 
FTC Rule 4.9(c), 16 CFR 4.9(c). In particular, the written request for 
confidential treatment that accompanies the comment must include the 
factual and legal basis for the request, and must identify the specific 
portions of the comments to be withheld from the public record. Your 
comment will be kept confidential only if the FTC General Counsel 
grants your request in accordance with the law and the public interest.
    Postal mail addressed to the Commission is subject to delay due to 
heightened security screening. As a result, we encourage you to submit 
your comment online. To make sure that the Commission considers your 
online comment, you must file it at https://ftcpublic.commentworks.com/ftc/identitytheftrulesreview by following the instructions on the web-
based form. If this document appears at https://www.regulations.gov, 
you also may file a comment through that website.
    If you file your comment on paper, write ``Identity Theft Rules, 16 
CFR part 681, Project No. 188402'' on your comment and on the envelope, 
and mail your comment to the following address: Federal Trade 
Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite 
CC-5610 (Annex B), Washington, DC 20580, or deliver your comment to the 
following address: Federal Trade Commission, Office of the Secretary, 
Constitution Center, 400 7th Street SW, 5th Floor, Suite 5610 (Annex 
B), Washington, DC 20024.
    Visit the Commission website at https://www.ftc.gov to read this 
document and the news release describing it. The FTC Act and other laws 
that the Commission administers permit the collection of public 
comments to consider and use in this proceeding as appropriate. The 
Commission will consider all timely and responsive public comments that 
it receives on or before February 11, 2019. For information on the 
Commission's privacy policy, including routine uses permitted by the 
Privacy Act, see https://www.ftc.gov/site-information/privacy-policy.

    By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2018-26609 Filed 12-10-18; 8:45 am]
BILLING CODE 6750-01-P