The New FTC Safeguards Rule: Why Your Business May Be About To Be Regulated as a Financial Institution
·15 May 2023
Did the FTC just classify your business as a Financial Institution under its new Safeguards Rule?
Officially known as “Standards for Safeguarding Customer Information”, the Federal Trade Commission (FTC) Safeguards Rule implemented specific sections of the Gramm-Leach-Bliley Act (GLBA) effective May 23, 2002. In June of 2022, the FTC enacted a significant set of changes to the original Safeguards Rule that stood for nearly 20 years.
It should come as no surprise that, given continuous technological advancement and an equally evolving threat landscape, the new requirements are much more rigorous. The surprise, however, is that the new rule significantly broadens the definition of “Financial Institution”, and thereby the organization types to which the rule applies:
- Auto Dealerships
- Real Estate Appraisers
- Accounting or Tax Preparation Services
- Title Agencies
- Mortgage Brokers
- Personal Property Appraisers
- Check cashing businesses
- Credit Counseling Services
- Investment Advisory Companies
The new Rule goes into effect on June 9, 2023 with a stated goal of protecting consumer privacy, and reducing the likelihood of financial loss and identity theft.
Non-compliance can be expensive, with fines reaching $46,000+ per violation and settlements of FTC-backed class action lawsuits often exceeding $1,000,000. Harder to quantify, though no less costly, is the reputational damage that typically follows a data breach or compliance enforcement action.
In the new Rule, the FTC has set forth 15 requirements that impacted organizations must comply with. These requirements range from the designation of a Qualified Individual to the complexities of maintaining and testing a comprehensive Incident Response plan.
In short, the new FTC Safeguards Rule is not to be taken lightly and executives who fail to recognize its seriousness, do so at their own peril.
Thankfully, you do not have to do it on your own. We’ve prepared an Executive Guide to the FTC Safeguards Rule to walk you through the 15 requirements, including recommendations on how to comply with each of them. Our Guide goes a step further, by helping to outline a strategy for maintaining compliance once it has been achieved.
As the deadline looms closer, it’s still not too late for impacted organizations to get started. Download your free copy of our Executive Guide to the FTC Safeguards Rule now.