Revised FTC Safeguards Rule: What changed?

In today’s digital age, protecting sensitive consumer information is paramount. With cybersecurity threats on the rise, businesses must ensure the safety and privacy of their customers’ data. The Federal Trade Commission (FTC) Safeguards Rule plays a crucial role in safeguarding consumer information, and its latest revision in 2023 brings renewed focus and clarity. Let’s explore the relationship between the FTC Safeguards Rule and the Gramm-Leach-Bliley Act (GLBA), uncover the key aspects of the latest revision, identify the entities covered by this rule, and provide actionable tips for achieving compliance.

In the ever-evolving landscape of data privacy and security, the FTC Safeguards Rule stands as a vital component of consumer protection. As an integral part of the GLBA, which aims to safeguard the financial information of individuals, the FTC Safeguards Rule specifically addresses the security of non-public personal information (NPI) held by financial institutions, including banks, credit unions, mortgage lenders, and other financial service providers.

How is the FTC Safeguards Rule related to the Gramm-Leach-Bliley Act (GLBA)?

The FTC Safeguards Rule serves as an implementation mechanism for the data security requirements outlined in the GLBA. Enacted in 1999, the GLBA seeks to promote consumer confidence in financial institutions by establishing privacy standards and protecting customers’ personal information. The FTC Safeguards Rule supplements the GLBA by providing specific guidelines for safeguarding non-public personal information.

What changed since the latest revision of this Rule?

The recent revision of the FTC Safeguards Rule, effective as of June 9, 2023, aims to address emerging threats and enhance data security practices within covered financial institutions. Here are the key aspects of the latest revision that institutions such as auto dealerships and other covered entities should be aware of:

  1. Expanded definition of non-public personal information (NPI) to encompass a broader range of data.
  2. Strengthened requirements for risk assessments and security measures, considering the evolving cybersecurity landscape.
  3. Emphasis on encryption and multi-factor authentication for enhanced data protection.
  4. Enhanced oversight and accountability measures, including incident response planning and vendor management.
  5. Provisions for regular staff training and cybersecurity awareness programs to ensure a culture of data security.

Who is covered under this Rule?

Defined by the Federal Trade Commission, a “financial institution” is an entity that is “engaged in an activity that is financial in nature or is incidental to such activities as described in section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C § 1843(k).”

The FTC Safeguards Rule applies to a variety of financial institutions, including:

  • Auto Dealerships
  • Mortgage Lenders / Brokers
  • Tax Preparation Firms
  • Credit Counselors and other Financial Advisors
  • Real Estate Appraisal or Finder Services
  • Collection Agencies
  • CPAs

Practical Tips and Recommendations for Achieving Compliance in 2023

To ensure compliance with the FTC Safeguards Rule and protect consumer data, consider implementing the following measures using the provided checklist and template:

  1. Conduct a thorough risk assessment to identify potential vulnerabilities and prioritize security measures.
  2. Establish robust data security protocols, including encryption, firewalls, and secure authentication methods.
  3. Implement access controls and regularly review and update user privileges to prevent unauthorized access.
  4. Develop an incident response plan using the template provided by your IT provider to effectively address and mitigate data breaches or security incidents.
  5. Train employees regularly in data security best practices and raise awareness about potential threats.
  6. Implement vendor management protocols, including due diligence and oversight of third-party service providers.

Conclusion

The FTC Safeguards Rule plays a crucial role in protecting consumer information and reinforcing data security practices within the financial industry. By adhering to the guidelines outlined in the latest revision, auto dealerships, financial institutions, and other covered entities can safeguard customer trust, reduce the risk of data breaches, and ensure compliance.