The Federal Trade Commission (FTC) has extended the deadline for companies to comply with some of its data security requirements. The new deadline, now June 9, 2023, allows businesses more time to implement the enhanced safeguards outlined in the Safeguards Rule and protect their customers’ personal information. If you’re a financial business, this rule is probably something you need to worry about.
The FTC noted that while many companies have already taken the necessary steps to comply with the new requirements, the extension should help make sure everyone has enough time and resources to do so. The extended timeframe also allows companies to prioritize other important projects without worrying about rushing to meet their data security deadlines.
The FTC encourages companies of all sizes, from small businesses to large corporations, to take the necessary steps to ensure their customers’ data is secure. Companies should review and update their privacy policies, implement new safeguards when needed, and periodically perform security audits or hire a certified third-party auditor and an IT provider for financial businesses.
The Safeguards Rule
The Safeguard rule, for those who don’t yet know, requires certain businesses to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe. These businesses will include:
- Non-banking financial institutions (e.g. mortgage brokers and payday lenders)
- Motor vehicle dealers
- Certain types of businesses that share sensitive data
By taking these steps, companies can help protect their customers’ personal information from fraudsters, hackers, and other malicious actors.
Why the Extension?
The FTC is extending the deadline due to reports of a shortage of qualified personnel, supply chain issues, and difficulties exacerbated by the COVID-19 pandemic. These issues may make it difficult for financial institutions, particularly small ones, to come into compliance by the original deadline. Because of the pandemic, many businesses have had to shift focus and resources away from data security.
The extension is meant to give companies the extra time they need to properly implement the Safeguards Rule without having to worry about rushing or cutting corners.
Requirements
The updated rule affected by the six-month extension includes requirements that cover financial institutions. These requirements include:
- Assign an individual to oversee the security program
- Craft a written risk assessment in order to identify and address potential risks
- Restrict access to sensitive customer information
- Encrypt all sensitive data
- Train security personnel
- Develop an incident response plan
- Periodically assess the security practices of service providers
- Utilize multi-factor authentication or another method with equivalent protection for any individual accessing sensitive data
You Need a Provider that Specializes in IT for Financial
The FTC is providing businesses affected by the Safeguards Rule with a six-month extension to help ensure that their customers’ personal data is secure and protected. Companies should take advantage of this extra time to review their security policies, update or implement new safeguards, train personnel, and perform periodic audits. By properly abiding by the requirements of the Safeguards Rule, businesses can help protect their customers’ data from malicious actors.
If you or your business are finding it difficult to navigate the complex road to compliance with this new Safeguard Rule, INSC is here to help. With our managed IT for financial industries services and expertise, we can help make sure your business is up to date on the latest developments in data security and compliant with all applicable laws.
Contact us today to learn how INSC can help you take the necessary steps for safeguarding customer information.