New FTC Rules: How Does This Affect Your Business? (ft. DUO Webinar)
By December 9th, 2022, companies will need to be in compliance with the updated requirements of the Safeguards Rule.
What is the Safeguards Rule?:
Per the FTC, the Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. It reflects core data security principles that all covered companies need to implement. Read more about the FTC rule here.
What do the new requirements include?:
For companies that maintain customer information for fewer than 5000 consumers:
The definition of a financial institution has been broadened to include non-financial institutions that handle financial consumer data.
Appoint a "qualified individual" to be responsible for overseeing & implementing an information security program.
New elements of an effective Safeguards program that include encryption and MFA.
For companies that maintain customer information for over 5000 consumers, the requirements above plus the following:
Conduct an expanded, written risk assessment.
Create a written incident response plan.
Submit an annual report to the financial institution's governing party regarding the Safeguards program.
What kind of companies will this affect?:
Since the definition of a financial institution has been broadened, non-financial institutions will now include:
See more about the updated definition of a financial institution by clicking here.
What does this mean for my business?:
It is important to understand that these changes are intended to increase security to protect consumers. TIC will be reaching out to existing customers who fall into the updated categories and supporting any changes needed.