I like your proposed rules, especially for the official site, but as usual you leave enough loopholes that the rules may be ineffective on unofficial sites. For sites like freecreditreport.com, you should stipulate that the site provide a warning that they are not the free credit report provided by federal law, at the top of all web pages, in a minimum point size that is easy to read. The warning should also be on a confirmation page which appears after the customer has ordered, which lets him cancel if he so chooses, in which case the customer's personal info should be discarded. All warning messages should indicate the URL of the official site, annualcreditreport.com. You may also want to require that "annualcreditreport.com" be text only, to prevent redirects. Also, somewhere on the site in plain view, should be full disclosure of what the customer is signing up for if he orders the reports (i.e., is he joining a buyers club or something). Also, either disallow selling of the customer's info to 3rd parties or have the site warn the customer that it will be.
16 CFR Part 610 Amendments to Rule to Prevent Deceptive Marketing of Credit Reports and to Ensure Access to Free Annual File Disclosures #545091-00291