FTC Revises Safeguards Rule: Does It Affect You?

PK Tech Blog Image

Do you need to revisit your cybersecurity plan? That’s a valid question. This blog will cover recent changes to the FTC Safeguards Rule and what you need to know, based on your industry.

The FTC recently hosted a national forum, asked for public comments, and reviewed commentary from consumers and businesses. The result is a revised Standards for Safeguarding Customer Information, also often referred to as the Safeguards Rule.

What does the new Safeguards Rule require? 

In a nutshell, the rules require financial institutions within the FTC’s jurisdiction to have proactive measures that work to protect customer information and keep it secure. 

Who’s covered by the Safeguard rules? 

Don’t be fooled when you read “financial institutions.” The actual umbrella of the Safeguard rules is much larger than it sounds–an entity is considered a “financial institution” if it’s engaged in an activity that is “financial in nature” or is “incidental to such financial activities.” So if you’re thinking that because my business isn’t a bank, I’m good, think again. The Rules may still apply to you. Here are some examples of institutions that would fall under the Rules: 

  • Accountants
  • CPAs / Tax preparation firms
  • TPAs
  • Financial advisors
  • Wire transferors
  • Travel agencies operated in connection with financial service
  • Mortgage lenders
  • Payday lenders
  • Finance companies
  • Mortgage brokers 
  • Finance companies
  • Account servicers
  • Check cashers
  • Collection agencies
  • Investment advisors (ones that are not required to register with the SEC)

Do I need to revisit my cybersecurity plan? Ask yourself these two key questions:

  1. Has your information security program been updated within the last year? 
  2. Have you updated your information security program to reflect the revisions to the Rules (effective January 2022)?

If the answer to either or both of these questions is “no,” it’s time to take a closer look at what your organization is doing to prioritize cybersecurity. This new publication is an important reminder of the responsibility of financial institutions to ensure their business practices reflect current protocols and laws and address new security risks. 

Additional information from the FTC:

Preventative Cybersecurity With PK Tech

If this blog has made you realize that it might be time for a cybersecurity update, good for you! Prevention is the name of the game when it comes to cybersecurity. At PK Tech, we work with small to medium-sized businesses in the Greater Phoenix Area to provide IT security assessments, ongoing support, and help on special consulting projects. To get in touch with our team, contact us here