Adapting to the FTC Safeguards Rule: Your Guide to Compliance
As the deadline for the new FTC Safeguards Rule inches closer, businesses must reassess their status as financial institutions and ensure they are fully prepared to comply with the updated requirements. Alliance Technology Partners, a leading IT consulting company in the St. Louis area, is committed to assisting organizations in implementing the right technology solutions to guarantee compliance with the FTC Safeguards Rule. Their mission is to secure one million computer users, and they are here to help you navigate this complex regulatory landscape.
Understanding the New FTC Safeguards Rule
The latest update to the FTC Safeguards Rule, which comes into effect on June 9, 2023, introduces new definitions for “financial institution” and outlines the compliance requirements for protecting customer information. The rule is part of the Gramm-Leach-Bliley Act of 1999 and is designed to ensure businesses maintain a reasonable information security program. This article will help you better understand:
- Which financial firms are affected by the Safeguards Rule update
- The new definitions introduced by the Safeguards Rule
- How finance entities should use the new Safeguards guidelines to establish reasonable information security programs
Thirteen Financial Institutions Affected by the New FTC Safeguards
According to the National Archives Code of Federal Regulations, your business qualifies as a financial institution under the new FTC Safeguards Rule if it falls into one of the following thirteen categories:
- Retailers issuing their credit cards directly to consumers
- Automobile dealerships leasing automobiles on a non-operating basis for longer than 90 days
- Personal property or real estate appraisers
- Career counselors specializing in providing services to individuals employed by or seeking employment with financial organizations
- Businesses that print and sell checks for consumers
- Businesses that regularly wire money to and from consumers
- Check-cashing businesses
- Accountants or tax preparation services completing income tax returns
- Travel agencies offering related financial services
- Entities providing real estate settlement services
- Mortgage brokers transacting loans
- Investment advisory companies and credit counseling services
- Companies acting as finders in bringing together buyers and sellers of products or services for transactions they negotiate and consummate
Even couriers serving banks are considered financial institutions under the new rule.
Seven New Definitions from the New FTC Safeguards
Maurice Wutscher identifies seven new terms and one modification introduced by the new FTC Safeguards Rule:
- “Authorized User”: Any person authorized to access an organization’s information systems or data
- “Encryption”: The transformation of data into a form that offers a low probability of assigning meaning without the use of a protective process or key
- “Financial Institution”: The modified definition includes any institution engaging in an activity that is financial or incidental to such financial activities
- “Information Security Program”: The safeguards used to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information
- “Multi-Factor Authentication”: Authentication through verification of at least two types of factors: knowledge, possession, or inherence
- “Penetration Testing”: A test methodology involving assessors attempting to circumvent or defeat the security features of an information system
- “Security Event”: An event resulting in unauthorized access to, or disruption or misuse of, an information system, information stored on such an information system, or customer information held in physical form
Implementing a Reasonable Information Security Program
The FTC expects financial institutions to establish a reasonable information security program, which involves:
- Appointing a qualified individual to oversee the program
- Conducting a thorough risk assessment to identify potential security risks
- Designing and implementing appropriate security measures to address identified risks
- Regularly testing and monitoring the effectiveness of these security measures
- Adjusting the security program in response to testing, monitoring, or any material changes in business operations
- Ensuring third-party service providers are also compliant with the Safeguards Rule
- Periodically reviewing the program to ensure its continued effectiveness
Alliance Technology Partners can help your organization develop, implement, and maintain a reasonable information security program compliant with the new FTC Safeguards Rule.
Seeking Assistance from Alliance Technology Partners
Alliance Technology Partners is committed to helping businesses stay up-to-date with the ever-evolving cybersecurity landscape. By partnering with this expert team, you can ensure that your organization has the necessary technology, processes, and policies to meet the FTC Safeguards Rule requirements. With a proactive approach, you can minimize potential risks and ensure the privacy and security of your customers’ data.
Conclusion
The new FTC Safeguards Rule is a crucial step toward improving the security of customer information within the financial sector. Businesses must assess their status as financial institutions, understand the new definitions and requirements, and establish a reasonable information security program. By partnering with Alliance Technology Partners, you can secure your organization’s compliance with the new rule and protect your customers’ data from potential threats. Don’t wait until the deadline approaches – start preparing for the new FTC Safeguards Rule today.