WHAT IS THE FTC SAFEGUARDS RULE?
The FTC Safeguards Rule was implemented in 2003 to ensure businesses handle customer information properly and keep it safe from misuse. In 2021 it was updated to account for advances in technology and a growing interaction between business systems and consumer information. You will learn who is covered by the Safeguards Rule, what an information security program looks like, and what this all means for auto dealerships.
The FTC Safeguards Rule is a set of updated regulations announced by the Federal Trade Commission in late 2021 that requires financial institutions to develop and implement a comprehensive information security program. The Safeguards Rule is an integral part of the FTC’s efforts to protect the security, confidentiality, and integrity of customer-sensitive information from cyberattacks, identity theft, and other forms of fraud. Beginning December 9, 2022, the FTC Safeguards Rule will officially take effect, and all financial institutions, including “non-banking financial institutions” like auto dealerships, will be required to prove their compliance.
The rule applies to all businesses that collect or maintain sensitive customer information, including large institutions like banks, credit card companies, and small businesses. The FTC has enforcement authority over the Safeguards Rule and can punish companies that fail to comply with the rule's requirements.
The revised Safeguards Rule is the FTC’s update to the Gramm-Leach-Bliley Act (GLBA), implemented in 1999.
BASIC INFORMATION SECURITY PROGRAM
The newly updated regulations require “financial institutions” to implement a basic information security program that includes the written policies, procedures, and guidelines an organization uses to protect its customer information. The businesses falling under this very broad definition of “financial institution” must have simple yet comprehensive program plans for managing access to data, detecting and responding to security incidents, security awareness training, and risk management. Additionally, the program sets forth the roles and responsibilities of the security team. The goal of an information security program is to protect information from unauthorized access or data breaches, and such a program can be an important part of an organization’s overall security strategy. At WOM Technology Management Group, our base Centurion Cyber Security plans include all measures required by the Gramm-Leach-Bliley Act (GLBA) or FTC Safeguards Rule. A simple outline of the information security program requirements is as follows:
- Access Controls
- Inventory Management
- Encryption for Data in Motion and Data at Rest
- Application Security
- MFA (Multi-Factor Authentication)
- Data Disposal
- Change Management
Read the full FTC.gov article here: https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know