Upcoming Event: Winter 2024 CMMC Workshop by HPSi's CyberAB Certified Team | November 13, 2024 | Learn more
 Revised FTC Safeguards Rule: Does my business need to comply?

Revised FTC Safeguards Rule: Does my business need to comply?

The Federal Trade Commission (FTC) Safeguards Rule is a set of regulations that require financial institutions to protect the security of customer information. The rule was revised, and certain revisions took effect on June 9, 2023, to reflect the changing landscape of financial services and technology.

So, what does this mean for your business? Whether or not your business is covered by the Safeguards Rule depends on a few factors, including:

  • What kind of business you have. The Safeguards Rule applies to financial institutions, which are defined as businesses that engage in activities that are financial in nature or incidental to such financial activities. This includes a wide range of businesses, such as banks, credit unions, mortgage lenders, payday lenders, and investment advisors.
  • What information you collect. The Safeguards Rule applies to businesses that collect nonpublic personal information about their customers. This includes information such as names, addresses, Social Security numbers, and financial account numbers.
  • How you collect and store the information. The Safeguards Rule applies to businesses that collect and store nonpublic personal information in electronic or paper form.

What kind of businesses are considered “financial institutions” under this Rule? Below are some examples per Section 314.2(h) of the Rule:

CPAsAuto Dealerships
Mortgage LendersMortgage Brokers
Payday LendersFinance Companies
Account ServicersCheck Cashers
Wire TransferorsCollection Agencies
Credit counselors and other financial advisorsTax Preparation Firms
Non-federally Insured Credit UnionsInvestment Advisors that aren’t required
to register with the SEC

In addition to the list above, the 2021 amendments to the Safeguards Rule added finders, companies that bring together buyers and sellers, as a new example of a financial institution. Finders do not participate in the transaction themselves, but they do collect sensitive financial information from both parties. Therefore, they are now subject to the Safeguards Rule’s requirements for protecting customer information.


To learn more about the revised FTC Safeguards Rule and how HPSI can help your business comply, click here.