The FTC Safeguards Rule requires covered companies to develop, implement, and maintain an information security program with over 20 implemented, documented and risk assessed administrative, technical, and physical safeguards designed to protect customer information. Are your clients up on what the revised Rule requires? Are they ready to be compliant by June of this year?
From the FTC Website: “As the name suggests, the purpose of the Federal Trade Commission’s Standards for Safeguarding Customer Information – the Safeguards Rule, for short – is to ensure that entities covered by the Rule maintain safeguards to protect the security of customer information. The Safeguards Rule took effect in 2003, but after public comment, the FTC amended it in 2021 to make sure the Rule keeps pace with current technology. While preserving the flexibility of the original Safeguards Rule, the revised Rule provides more concrete guidance for businesses. It reflects core data security principles that all covered companies need to implement.”
How do you know if your client is a covered entity subject to the Safeguards Rule? The Rule defines such entities in a way that is very broad and goes past the traditional bank or credit union. The list below is a synopsis of the new rule categorization of what is a covered entity.
- A retailer that extends credit by issuing its own credit card directly to consumers
- An automobile dealership
- A personal property or real estate appraiser
- A career counselor that specializes in providing career counseling services to individuals currently employed by or recently displaced from a financial organization, individuals who are seeking employment with a financial organization, or individuals who are currently employed by or seeking placement with the finance, accounting or audit departments of any company
- A business that prints and sells checks for consumers, either as its sole business or as one of its product lines
- A business that regularly wires money to and from consumers
- A check cashing business
- An accountant or other tax preparation service that is in the business of completing income tax returns
- A business that operates a travel agency in connection with financial services
- An entity that provides real estate settlement services
- A mortgage broker
- An investment advisory company and a credit counseling service
- A company acting as a finder in bringing together one or more buyers and sellers of any product or service for transactions that the parties themselves negotiate and consummate
The FoxPointe Team is ready to answer any questions, support your clients’ needs, from vCISO to general consulting to risk and gap assessments &More. Reach out to myself or Charlie Wood today.