Safeguarding customer information is as important as ever, with “75% of security professionals observing an increase in cyberattacks over the past year” (Source).  The Federal Trade Commission (FTC) recognizes this criticality and enforces the Safeguards Rule, a regulation designed to protect consumers by ensuring robust security practices at financial institutions.

We understand the importance of compliance and want to empower businesses with a clear understanding of the Safeguards Rule’s goals and its implications.

What is the FTC Safeguards Rule?

Enacted in 2003 under the Gramm-Leach-Bliley Act (GLBA), the Safeguards Rule mandates that financial institutions under FTC jurisdiction establish and maintain a comprehensive information security program. This program must encompass a combination of administrative, technical, and physical safeguards to protect “customer information.” This term refers to any non-public personal information about a customer, such as Social Security numbers, account details, and transaction history.

The Rule emphasizes a flexible and risk-based approach. This means companies can tailor their security programs to their specific size, complexity, and risk profile. However, the core principles remain consistent:

  • Developing and maintaining a written information security program outlining security policies, procedures, and employee training.
  • Implementing administrative safeguards such as data access controls, employee background checks, and information security awareness training.
  • Employing technical safeguards like encryption for sensitive data, firewalls to prevent unauthorized access, and intrusion detection systems to monitor for security breaches.
  • Establishing physical safeguards to secure physical locations where customer information is stored, including access control measures and environmental controls (e.g., proper temperature and humidity).

Recent Enhancements to the FTC Safeguards Rule

The FTC has recognized the evolving cyber threat landscape and subsequently revised the Safeguards Rule in 2023. These revisions aimed to strengthen the existing framework by providing more specific guidance for businesses. The key changes include:

  • Heightened focus on risk assessments: You may now be required to conduct more comprehensive risk assessments to identify and address potential vulnerabilities in your systems and data storage practices.
  • Emphasis on encryption: The revised rule emphasizes the importance of encryption for both data at rest (stored data) and data in transit (being transmitted).
  • Increased accountability for service providers: The Rule now explicitly requires you to ensure your service providers also maintain adequate safeguards for any customer information entrusted to them.

Who Does the Safeguards Rule Apply To?

The Safeguards Rule applies to a broad range of financial institutions that fall under FTC jurisdiction and are not registered with the SEC, including:

  • Banks and credit unions
  • Mortgage lenders and brokers
  • Payday lenders
  • Check cashers
  • Account services
  • Collection agencies
  • Investment advisors
  • Real estate appraisers
  • Travel agencies
  • Colleges and universities
  • Fintech companies
  • Tax preparers
  • Auto dealers (for financing purposes)

It’s important to note that the Rule does not apply to all businesses that handle financial data. If you’re unsure whether your business qualifies, feel free to reach out to us and we can help determine your eligibility.

Partnering with Kyber Security for Safeguards Rule Compliance

Navigating the intricacies of the Safeguards Rule can be a complex task. Kyber Security offers a comprehensive suite of services to support businesses of all sizes in achieving and maintaining compliance:

  • Security assessments and gap analysis: We can identify potential vulnerabilities in your current security posture and recommend the most effective strategies for addressing them.
  • Implementation and maintenance of security programs: Our team of experts can assist in developing and implementing a tailored information security program that aligns with the Safeguards Rule.
  • Ongoing monitoring and compliance support: We offer ongoing monitoring to detect and address evolving threats, along with expert guidance to ensure continued compliance with the Safeguards Rule.

By partnering with Kyber Security, you can gain peace of mind knowing your customer information is well-protected. We empower you to focus on growing your business while we handle the critical task of safeguarding your valuable assets.

Remember: Compliance with the Safeguards Rule is not a one-time effort. It’s an ongoing process.