FTC Safeguards Rule: What It Is and How To Be Compliant

Published: December 29, 2022

Though there is a petition to extend the deadline to December 2023, the current date set by the FTC to be compliant with the Safeguards Rule is June 9, 2023. However, companies should start implementing compliance strategies now. Failure to comply could result in hefty fines from the FTC, up to $50,000 per violation, or class action lawsuits.


What Is The FTC Safeguards Rule?

The FTC’s Standards for Safeguarding Customer Information (the Safeguards Rule) originally took effect in 2003. The rule was then amended in 2021 after public comment on keeping it up to date with current technology. The rule requires financial institutions to implement and maintain a cybersecurity program to protect sensitive client/customer information.

Which Businesses Need To Be Compliant?

The FTC’s Safeguards Rule requires any “Financial Institution” to comply. In this case, the term refers to any business that handles customer financial data through lines of credit, loans, or general financial information. These businesses include:

  • Car dealerships
  • Collection agencies
  • Property or real estate appraisers
  • Any retailers that provide store credit cards
  • Accountants, CPAs & tax preparation services
  • Mortgage brokers
  • Credit unions
  • Any business that wires money between consumers
  • Credit or financial counselors 

This list is not all-encompassing. If you’re unsure if you qualify as a financial institution in the eyes of the FTC, check their definition. This definition may change over time as business operations evolve with changing technologies.

How Can I Make My Business Compliant?

The Safeguards Rule has a lot of requirements to maintain compliance. While that might feel overwhelming, the list of security threats against businesses that handle financial information is constantly growing. This is something you don’t want to put off until the last minute. The requirements include constant network monitoring, regular pen testing, and annual reporting. Any service providers that also have access to this information must be compliant as well. Save yourself from potential fines and lawsuits by starting to work towards compliance today.

For more information on the Safeguards Rule and a full list of compliance requirements, visit the FTC’s blog on the Safeguards Rule: What Your Business Needs to Know.

Accent Consulting can help you implement an information and data security program to ensure that your organization maintains compliance with the FTC’s Safeguards Rule. Call 877.426.1337 or visit our FTC Safeguards Rule Compliance page to set up an appointment.
