Complying With the FTC's Amended Safeguards Rule

Complying With the FTC's Amended Safeguards Rule

Cybersecurity is a looming threat for most businesses. The impact of a major cyber event can resonate for weeks, months, and even years after the initial attack. To mitigate the risks to consumers, there have been several legislative updates to address these evolving threats, including a significant change for entities in, and adjacent to, the financial services space.

Specifically, the Federal Trade Commission (FTC) has updated its Standards for Safeguarding Customer Information (Safeguards Rule). The Safeguards Rule took effect in 2003 and was amended in 2021 to keep pace with evolving technology. The amended Safeguards Rule provides more concrete guidance on how to implement core data security principles for covered financial institutions. The FTC extended the original deadline for certain safeguards by six months, and compliance with the Safeguards Rule is now required by June 9, 2023.

Who Is Covered?

The Safeguards Rule applies to financial institutions that are engaged in an activity that is “financial in nature” or is “incidental to such financial activities,” that are subject to the FTC's jurisdiction, and that are not subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act (GLBA)15 U.S.C. § 6805. For example, the following are businesses that are deemed examples of financial institutions subject to the FTC's jurisdiction under the Safeguards Rule: mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and ..

Support the originator by clicking the read the rest link below.