DOES THE NEW FTC SAFEGUARDS RULE AFFECT YOU?
The U.S. Federal Trade Commission (FTC) recently revised the “Safeguards Rule” to require non-banking financial institutions to develop, deploy and maintain a comprehensive security program to keep customer financial data safe.
The FTC’s definition of non-banking financial institutions essentially includes any organization that handles customer financial data and engages in transactions that use personal consumer information. Some of the affected organizations include:
• Mortgage lenders and brokers
• Payday lenders
• Finance companies
• Automobile dealerships
• Collection agencies
• Tax preparation firms
• Credit counselors and other financial advisors
• Retailers that issue their own credit cards
• Non-federally insured credit unions
• Personal property or real estate appraisers
• Travel agencies in connection with financial services
Starting June 9th, the revised Safeguards Rule requires the identified organizations to:
• Designate a qualified person to oversee their information security program,
• Develop a written risk assessment,
• Limit and monitor who can access sensitive customer information,
• Encrypt all sensitive information,
• Train security personnel,
• Develop an incident response plan,
• Periodically assess the security practices of service providers, and
• Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.
Cyberattacks are on the rise, and we expect other industries will be adding similar requirements soon. To learn more about the Safeguards Rule, check out the FTC’s website.