Compliance
FTC Safeguards
What you need to know about the FTC Safeguards Rule — and how to comply.
What is the FTC Safeguards Rule?
The Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program designed to protect customer information. In 2021, the FTC amended the Safeguards Rule (which originally took effect in 2003) to keep pace with current technology.
Scope
Who is covered by the FTC Safeguards Rule?
The Safeguards Rule applies to financial institutions subject to the FTC’s jurisdiction that aren’t subject to enforcement by another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805. The amended Rule defines “financial institutions” broadly.
Some examples are:
- Retailers that issue credit cards
- Automobile dealerships
- Personal property and real estate appraisers
- Check cashing businesses
- Accountants and other tax preparation services
- Mortgage brokers
- Investment advisory companies
Free Resource
Download our free FTC Safeguards Guide
A simple, business-focused guide to what the Safeguards Rule actually requires.
The Checklist
What is Required?
The Safeguards Rule requires covered institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.
- Designate a “Qualified Individual”
- Conduct a risk assessment
- Design and implement “Mandatory” safeguards
- Monitor and test safeguards
- Implement policies and procedures for personnel
- Oversee service providers
- Draft an incident response plan
- Prepare an annual report
Ready to take the next step? Let’s Talk.
Contact AsystYOU Technology today to walk through your compliance program.