
What is FTC Safeguards Rule?

The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to provide a regulatory framework for overseeing the privacy and data security practices of diverse financial institutions. This includes requirements for institutions to inform customers about privacy practices, implement security safeguards for customer information, and adhere to standards set by the Commission and other federal agencies. The Safeguards Rule, promulgated in 2002, outlines the current requirements for financial institutions to develop and maintain a comprehensive information security program. This program must be written and tailored to the institution’s size, activities, and the sensitivity of customer information, and it must encompass risk assessment, safeguards design, testing, and regular program evaluation. Additionally, financial institutions are mandated to appoint an employee or employees to coordinate the information security program and to select service providers capable of maintaining appropriate safeguards for customer information.

The Commission issued final amendments to the Safeguards Rule on December 9, 2021, and certain provisions of the Rule took effect on June 9, 2023. The Final Rule introduces detailed criteria for risk assessments, specific safeguard requirements, and improved accountability.

How is "financial institution" defined in the Rule?

The Federal Trade Commission (FTC) has updated the definition of “financial institution” in the Safeguards Rule to include entities engaging in activities incidental to financial activities, as defined by the Bank Holding Company Act. This means that “finders,” businesses that connect buyers and sellers, are now covered under the Rule, but only if they engage in finding services for consumer transactions and have an ongoing relationship with the consumers involved. Federal regulations referenced in the rule further broaden this definition to encompass various financial and investment advisory services, including tax planning and preparation assistance for individuals, families, and households.

Examples of non-banking financial institutions per the Safeguards Rule

A retailer that extends credit by issuing its own credit card directly to consumers
An entity that provides real estate settlement services
An automobile dealership that leases automobiles on a nonoperating basis for longer than 90 days
An investment advisory company and a credit counseling service
A personal property or real estate appraiser
A company connecting buyers and sellers to negotiate and complete transactions for various products or services
An accountant or other tax preparation service that is in the business of completing income tax returns
A business that operates a travel agency in connection with financial services

Hawaii's Trusted Advisor since 1993

Need help developing a written information security program?

At HPSi, we take cybersecurity and compliance seriously. Our seasoned experts will guide you through the intricacies of the FTC Safeguards Rule, helping you tailor a written information security program that aligns with your business objectives. As a leading IT systems integrator and managed services provider in Hawaii, we are dedicated to safeguarding your digital landscape. With a focus on secure and compliant solutions, we ensure your business remains resilient in the face of evolving threats.

We know that you are getting a lot of cold calls trying to sell you something that you are not sure about. Even worse, it can be very humbug, like someone’s trying to exploit your fears. We’ve heard from many clients feeling confused and frustrated by these tactics.

If you feel lost and are wondering, “Where do I start?”, check out our YouTube series where we discuss the different elements of developing a reasonable written information security program (WISP).

Contact Us TODAY
