On Tuesday, November 15th, the FTC postponed enforcement of some of the requirements of the revised Safeguards Rule. While many may be tempted to delay compliance efforts, we encourage you to continue taking necessary steps now. Why? Many requirements that were postponed (MFA, Encryption, and Service Provider oversight) take significant time (months, not days) to implement. Here is what needs to be completed by June 9:
- designate a qualified person to oversee the company information security program,
- complete a written risk assessment,
- limit and monitor who can access sensitive customer information,
- encrypt all sensitive information,
- train security personnel,
- develop an incident response plan,
- periodically assess the security practices of service providers, and
- implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.
Who Needs to Comply?
Mortgage lenders, mortgage brokers, motor vehicle dealers, payday lenders, finance companies, account servicers, check cashing companies, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC.
Don’t Comply? Pay the Penalty
In civil FTC enforcement actions, financial institutions can face fines of up to $100,000 per violation, with fines for officers and directors of up to $10,000 per violation. The GLBA Safeguard Act also includes provisions for criminal enforcement. In criminal cases, financial institutions, officers, and directors can face statutory fines, and officers and directors can also face up to five years of federal imprisonment.
Need help with any of the Safeguard requirements? Schedule a Safeguards Compliance Assessment
The BMT team has the tools and expertise to make sure you’re compliant by the deadline and prepared to protect your customers’ financial information.