Late last month, the Federal Trade Commission (“FTC”) and the federal banking agencies jointly issued final rules and guidelines on financial institutions’ and creditors’ obligations to develop and implement a comprehensive written program that prevents, detects, and mitigates identity theft; duties of card issuers regarding changes of address; and duties of users of consumer reports regarding address discrepancies. The final rules are effective on January 1, 2008. Covered financial institutions and creditors must comply with the rules by November 1, 2008.

The Privacy and Information Security Practice Group has prepared a Client Advisory, which provides an analysis of each of these rules and guidelines.