FTC Safeguards Financial Institutions Rule
We protect your information from being exposed by identifying potential breaches before hackers can exploit them and gain access.
FTC Issues Guidance On The Revised Safeguards Rule
The Time for Dealers to Act is Now
By now, everyone should be aware that the Federal Trade Commission has issued some fairly complicated amendments to its Safeguards Rule. These amendments will require those covered by the rule to address a number of technical and procedural issues in order to provide adequate protection for personal and consumer data.
All these steps must be in place by December 9th, 2022, and that leaves very little time for affected individuals to get the work done. Obviously, the time to address these issues is now, if you haven’t already begun to do so.
What you need to know
The main points covered by the amendments to the Safeguards Rule include all the points described below. The sooner you can get these improvements in place, the better chance you have of complying in time with the Federal requirements.
FTC Requirements
Qualified Individual
Each dealer must appoint a qualified individual to carry out and supervise its information security program.
Implement Safeguards To Manage Risk
Review access control, secure stored data, encrypt data at rest and in transit, assess apps, enable multi-factor authentication, dispose of customer info securely, facilitate change, maintain activity logs, and regularly monitor and test safeguards.
Monitor Service Providers
Anyone you do business with must have the same safeguards in place that you are required to have.
Incident Response Plan
Each dealer must have a formal written incident response plan which identifies the personnel on the response team, as well as what their approach will be to resolving incidents.
Risk Assessment
A risk assessment must be carried out to identify points of vulnerability, so they can be addressed immediately by your team.
Staff Training
Since employees are often the weakest point in any security system, they need to be trained, and that training needs to be periodically refreshed so it can sink in.
Information Security Program Currency
Your program must be kept current at all times, and that means applying whatever updates are necessary when they are necessary.
Report To Board Of Directors
Whoever you have designated as your Qualified Individual must provide an annual report to the Board of Directors (or at least senior management) on the status of your information security system.
To ensure full compliance
The points outlined above constitute the main thrust of the FTC Safeguards Rule amendments, and they will give you a good idea about what you have to do in order to achieve compliance.
However, you should also consult the actual FTC publication, so that you can be aware of all the details associated with each of these points. It’s better that you follow the step-by-step guide by the FTC itself, so there’s no question about whether or not you are in full compliance with the requirements.
You can download the document itself and use it as your guideline for the implementation of your information security system. Keep in mind that there is not much time left before all this has to be in place, so if you haven’t already begun your efforts to achieve compliance, you need to begin immediately.
Most businesses have enough issues they are obliged to comply with without having a whole new set of them imposed by the federal government.
However, if you just consider this one more cost of doing business, and just take your lumps, you can get the work done. Once you have all this in place, it will be an easy matter to simply continue monitoring the information provided by your system.
This will give you much more confidence that your customer data is being fully protected, so you can retain the trust of all your loyal customers.