Time is running out for financial institutions to comply with the Federal Trade Commission’s (FTC) recently revised Safeguards Rule.
The Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA) requires covered entities to protect the security of customer information. It was revised at the end of 2021 to broaden the definition of financial institutions and to implement new requirements for information security programs, including more specific data security requirements such as encryption, penetration testing and multi-factor authentication.
Financial institutions will need to comply with GLBA’s Safeguards Rule by June 9, 2023.*
Among the revised changes going into effect, the term “financial institutions” now has a broader application under the Safeguards Rule and includes:
While not every provision of the Safeguards Rule is new, the FTC did take care to strengthen its compliance requirements, and even those institutions previously subject should review the full Rule to ensure effective compliance.
Under the new requirements, financial institutions and dealers must:
Specifically, when it comes to controlling risks that pose a threat to customer information, companies will need to implement strict security practices and tools to ensure compliance. This includes:
Institutions, including dealers, with fewer than 5,000 consumer records are exempt from complying with certain requirements, including the written risk assessment, incident response plan and Board of Directors reporting.
Financial institutions that fall under the purview of GLBA’s Safeguards Rule should act now to ensure full compliance with new information security program requirements. Omega’s managed IT compliance service, Smart Comply, acts as a comprehensive compliance-as-a-service offering and can deliver the necessary discovery, assessments and advisory you need to streamline the FTC compliance process.
With data discovery & classification technology, vulnerability scanning, data auditing & a complete cyber risk assessment, you can effectively and efficiently meet new FTC compliance demands under the guidance of certified vCISOs with deep experience advising auto dealers and other financial institutions.
*The FTC’s original deadline of December 9, 2022 was extended by six months to allow companies additional time to meet the compliance requirements.