FTC Safeguards Rule – What Your Business Needs to Know

In December of 2021, the Federal Trade Commission (FTC) made some significant changes to the Safeguards Rule. The Safeguards Rule sets the regulations around customer data security for specific industries.

The Safeguards Rule was originally created to regulate “financial institutions.” One of the major changes to the rule effective for 2022 is what qualifies as a financial institution. As a result, many types of businesses that did not have to comply before must now do so by June 9, 2022.

Under the rule, financial institutions include:

  • Retailers extending credit through their own in-house credit card
  • Auto Dealerships
  • Personal Property or Real Estate Appraisers
  • Real Estate Settlement Services
  • Financial Career Counselors
  • Check Cashing Businesses
  • Accountants, CPAs, Enrolled Agents, and Tax Preparation Firms
  • Mortgage Brokers
  • Travel Agencies
  • Credit Counseling Services
  • Investment Advisory Companies

More information regarding the businesses that do and do not fall under the rule can be found here.

Even though you may not consider yourself a “financial institution,” you are categorized by the activities within your business, not necessarily by how you or even your clients classify your business. Businesses that are classified as “financial institutions” are required to develop, implement, and maintain an information security program. This is not a one-and-done scenario. The program will need to be evaluated on an ongoing basis and will change regularly based on the data.

Cyber Attacks Are Up by 42% in the First Half of 2022

No matter what type of business you are in, there is no denying that year after year we see an increase in the volume and effectiveness of cyber attacks. At the end of the day, the Safeguards Rule is about protecting customer data. Simply put, it is about protecting the confidentiality of customer information, protecting against security threats to the integrity of customer information, and protecting against unauthorized access to customer information.

Enforcement of the rules was set to begin on December 9, 2022, but that has been pushed back to June 9, 2023.

My Business is Considered a Financial Institution. Now What?

The FTC Safeguards Rule requires a lot from your organization to be compliant. It just does. While it may feel overwhelming, the fact of the matter is that the threats aimed at businesses like yours grow daily.

Don’t delay in getting this implemented in your business. There is quite a bit of complexity involved, including continuous monitoring of your network, penetration testing, ensuring service providers are compliant, and annual reporting. Non-compliance could result in fines by the FTC of up to roughly $50K per violation. Getting into compliance sooner rather than later will save your organization from potential fines and lawsuits in the future.

For your organization to become compliant, there are some key areas of your business that you need to focus on. To help you in the process, we have put together an FTC Safeguards Checklist for you, which details the path to compliance.

If you need any help with the FTC Safeguards Rule, reach out to our team. We are ready to assist.
