The Federal Trade Commission (FTC) “Standards for Safeguarding Customer Information” (commonly referred to as the Safeguards Rule) is a set of requirements issued under Section 501(a) of the Gramm-Leach-Bliley Act (GLBA) that requires financial institutions (now including dealerships) to implement and maintain a comprehensive and documented information security program. Intended to protect consumer information and mitigate identity theft, privacy violations, and misuse of confidential data, the Safeguards Rule was issued in 2002 and officially took effect on May 23rd, 2003.
By now, all financial institutions and dealerships have become familiar with the requirements of the Federal Trade Commission (FTC) “Standards for Safeguarding Customer Information” (Safeguards Rule), which requires organizations to develop, implement, and maintain a comprehensive written information security program. By December 9, 2022, however, the Revised Safeguards Rule will require organizations to revise their information security programs and implement new compliance measures.
December 9, 2022 – Required Revisions Take Effect
Effective December 9, 2022, financial institutions (including dealerships) are required to revise their information security programs and implement new security measures including annual periodic penetration testing or continuous monitoring of information systems to remain compliant.
Note: Organizations must take steps throughout 2022 and in advance of this date to comply by this deadline.
The FTC published revisions to the Safeguards Rule (also referred to as the Revised Safeguards Rule or Revised Rule), which expanded upon existing requirements and added new ones.
Original Safeguards Rule
Requirement of conducting risk assessments.
Requirement of regular testing and/or monitoring of key controls, systems, and procedures used to protect client information.
Assessments must be conducted regularly going forward.
Testing must be done with the goal of detecting actual and attempted attacks or intrusions on information systems.
Our team of testers are certified professionals, ready to help you uncover exploitable security vulnerabilities and meet FTC Safeguards Rule requirements. At the end of your project, we will deliver a comprehensive report of our findings, including remediation recommendations. We even offer remediation re-testing for FREE for up to six findings, within six months of project completion. Schedule a call with our team to discuss your unique security needs.
The FTC Safeguards Rule broadly applies to all financial institutions including dealerships and other entities that provide or facilitate financial services.
The purpose of the FTC Safeguards Rule is to protect consumer information from misuse or data breach, ultimately protecting customers from identity theft or privacy violations.
The Revised Safeguards Rule applies to all customer information in your possession, whether such information pertains to individuals with whom you have a customer relationship or to the customers of other financial institutions that have provided such information to you. Accordingly, the protections it affords are likely relevant to all the customer personal information in your possession.
Since 2003, when the Safeguards Rule was established, revisions have been issued to address and combat new and evolving security threats.
The Privacy Rule deals with how you share information about consumers who obtain, or apply for, credit or lease products from you and it includes specific notice requirements. The Safeguards Rule deals with how you protect information you receive from consumers. These obligations are independent of each other and are subject to different standards, requiring the appropriate steps to comply with each.