The Federal Trade Commission’s (FTC) Safeguards Rule was enacted to ensure the security of customer information. The FTC amended the Rule in 2021 and requires all agencies to comply with it by June 9, 2023.
Who is expected to comply?
The Safeguards Rule applies to financial institutions that are subject to the FTC’s jurisdiction and aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805.
To find out if this includes your agency, contact DS24 now.
What do I have to do?
The Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.
Section 314.4 of the Safeguards Rule identifies nine elements that your company’s information security program must include:
Designate a qualified individual to implement and supervise your company’s information security program.
Conduct a risk assessment.
Design and implement safeguards to control the risks identified through your risk assessment.
Regularly monitor and test the effectiveness of your safeguards.
Train your staff.
Monitor your service providers.
Keep your information security program current.
Create a written incident response plan.
Require your Qualified Individual to report to your Board of Directors.