Revised FTC Safeguard Rules

The FTC enforced its own Safeguard rule in 2003. This October they have revised their rules and are placing the revisions into effect on December 9th, 2022. The FTC has made changes to this rule to ensure there is absolutely zero doubt of the minimum requirements. There will be strict enforcement of the new rules, with stiff penalties if they are not followed accordingly.

The Requirements

  • The designation of a “Qualified Individual” to implement, oversee, and enforce administrative, physical, and technical safeguards
  • Mandatory and documented employee training
  • Creation and management of the following documents:
    • A risk assessment
    • An information security program
    • An incident response plan
    • An annual report to the board of directors (or equivalent executive management)
  • IT requirements:
    • Enabling multi-factor authentication (MFA) on systems containing customer information
    • Encrypting systems containing customer information
    • Performing:
      • Continuous monitoring of information systems
        • Absent effective continuous monitoring, annual penetration testing and vulnerability scans at least every 6 months
  • Ongoing monitoring of:
    • Access controls to documents and data
    • Customer information storage
    • Disposal procedures
    • Change management procedures
    • Security practices
  • Assessing the risks of vendors with access to customer information, and contractually requiring them to meet or exceed the Safeguards Rule standards

Dealers with consumer volume less than 5,000 will not need to do the following: create a written risk assessment, a written incident response plan, or a written annual report, or conduct continuous monitoring of systems, penetration testing, or vulnerability scans.

You will need to meet Data & Record retention requirements, so data and documents cannot be immediately purged. It is recommended that you assemble a team to periodically collaborate to identify potential risks.

For more information please read the article posted by “Compliance Guidance” at the link below! Keep yourself and your consumer protected!
