FTC Safeguards Rule
The Federal Trade Commission (FTC) has finalized changes to the Standards for Safeguarding Customer Information rule (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA). The updated Safeguards Rule amends the FTC’s 2003 Safeguards Rule and requires financial institutions (which includes Dealers) to strengthen their data security safeguards to protect customer financial information. Compliance with the updated Safeguards Rule is required by June 9, 2023. If your business is covered by the revised FTC Safeguard Rules, it is essential that you develop, implement, and maintain a comprehensive cybersecurity program. The elements of the program are listed below. Not sure if you are compliant or have other questions? Fill out our Assessment form below! To learn more about the Safeguards Rule, view our Safeguards Starter Guide.
Who Needs to Comply?
- Banks and Credit Unions
- Mortgage Lenders
- Mortgage Brokers
- Motor Vehicle Dealers
- Finance Companies
- Online Lenders
- Check Cashing Companies
- Collection Agencies
- Credit Counselors
- Financial Advisors
Elements of Security Program
- Designation of Qualified Individual
- Conduct Risk Assessments
- Design and Implement Safeguards to Control Identified Risks
- Routinely Monitor and Test the Effectiveness of Safeguards
- Train Staff
- Monitor Service Providers Compliance
- Keep Your Information Security Program Current
- Develop a Written Incident Response Plan
- Have Your Qualified Individual Report Back to the Board of Directors with an Annual Written Report on Compliance with the Program