“We wanted to do the right thing. We tried to be as transparent as possible in our policy statement,” says Broder. “So in the. enforcement of getting it right, we extended the date for enforcement to give those companies time to get their program in place,” Broder says. “I just found out our company was covered” indicated that a step-back was the. right thing to do, and instead go out and buy something off the shelf for compliance or do something that wasn’t well suited to their business.”]
Source: https://www.cuinfosecurity.com/ftc-wont-enforce-id-theft-red-flags-rule-until-may-1-a-1022