The New FTC Safeguards Rule:  Why Your Business May Be About To Be Regulated as a Financial Institution

Top Posts:

Subscribe To Our Monthly Newsletter

By submitting this form I agree to the Website Terms of Use and the C3 Privacy Policy.


The New FTC Safeguards Rule: Why Your Business May Be About To Be Regulated as a Financial Institution

Rick Mancinelli

Rick Mancinelli

·May 15 2023

Did the FTC just classify your business as a Financial Institution under its new Safeguards Rule?  

Officially known as “Standards for Safeguarding Customer Information”, the Federal Trade Commission (FTC) Safeguards Rule implemented specific sections of the Gramm-Leach-Bliley Act (GLBA) effective May 23, 2002. In June of 2022, the FTC enacted a significant set of changes to the original Safeguards Rule that stood for nearly 20 years. 

It should come as no surprise that, given continuous technological advancement and an equally evolving threat landscape, the new requirements are much more rigorous. The surprise, however, is that the new rule significantly broadens the definition of “Financial Institution”, and thereby the organization types to which the rule applies:

  • Auto Dealerships
  • Real Estate Appraisers
  • Accounting or Tax Preparation Services
  • Title Agencies
  • Mortgage Brokers
  • Personal Property Appraisers
  • Check cashing businesses
  • Credit Counseling Services
  • Investment Advisory Companies

The new Rule goes into effect on June 9, 2023 with a stated goal of protecting consumer privacy, and reducing the likelihood of financial loss and identity theft.

Non-compliance can be expensive, with fines reaching $46,000+ per violation and settlements of FTC-backed class action lawsuits often exceeding $1,000,000. Harder to quantify, though no less costly, is the reputational damage that typically follows a data breach or compliance enforcement action.

In the new Rule, the FTC has set forth 15 requirements that impacted organizations must comply with. These requirements range from the designation of a Qualified Individual to the complexities of maintaining and testing a comprehensive Incident Response plan.

In short, the new FTC Safeguards Rule is not to be taken lightly and executives who fail to recognize its seriousness, do so at their own peril.

Thankfully, you do not have to do it on your own. We’ve prepared an Executive Guide to the FTC Safeguards Rule to walk you through the 15 requirements, including recommendations on how to comply with each of them. Our Guide goes a step further, by helping to outline a strategy for maintaining compliance once it has been achieved.

As the deadline looms closer, it’s still not too late for impacted organizations to get started. Download your free copy of our Executive Guide to the FTC Safeguards Rule now.

Rick Mancinelli

About The Author

Rick Mancinelli is the CEO of C3 Complete, a technology consultancy he founded in 2009. He has nearly 30 years of experience in all phases of information technology management, including software development, network architecture, and corporate IT management.

Share it on social media

cities of operation

Miami · Fort Lauderdale · Boca Raton · West Palm Beach · Stuart · Orlando · Tampa · San Juan

Keep up with C3.

Keep up to date with our latest offerings, expansions, services, and more.

© 2024 C3. All rights reserved.

© 2024 C3. All rights reserved.