FTC Safeguards Rule Provisions: We Can Helpwphungerford
In November 2022, the Federal Trade Commission (FTC) extended the compliance deadline for new provisions under its Standards for Safeguarding Customer Information, or the Safeguards Rule. Companies were required to meet the new provisions by June 9, 2023.
The Safeguards Rule was created to “ensure that entities covered by the Rule maintain safeguards to protect the security of customer information.”
Why Should Our Clients Care?
With these provisions, the FTC is stepping up enforcement of data security. If your company is not compliant with the new provisions of the Safeguards Rule, it can result in significant fines and penalties imposed by the FTC. Furthermore, if you do experience a data breach and are not compliant with the new provisions, the FTC will take legal action.
We understand this will require making technical decisions that will impact your business, and we have the expertise to help. We can work with you to understand your needs so you can be compliant.
What Provisions Are Included in the Extension?
You should consult the Federal Register Notice for details, but the extension applies to provisions in the revised Rule that require covered companies to:
- Designate a qualified person to oversee their information security program
- Develop a written risk assessment
- Limit and monitor who can access sensitive customer information
- Encrypt all sensitive information
- Train security personnel
- Develop an incident response plan
- Periodically assess the security practices of service providers
- Implement multifactor authentication or another method with equivalent protection for anyone accessing customer information.
“The Safeguards Rule was created to ensure that entities covered by the Rule maintain safeguards to protect the security of customer information.”
Who is Covered by the Safeguards Rule?
The Rule applies to businesses that are considered “financial institutions” under the Gramm-Leach-Bliley Act. This includes not only banks and credit unions but also other businesses involved in financial activities.
Some of these activities include:
- Lending, brokering or servicing any type of consumer loan
- Transferring or safeguarding money
- Preparing individual tax returns
- Providing financial advice or credit counseling
- Providing residential real estate settlement services
- Collecting consumer debts
Remember, these are just examples, and there are many other businesses and activities that can be considered “financial institutions” under the GLBA.
We’re Here to Help
If you need more information or help meeting these new requirements, please contact us here.