FTC Safeguards Rule 2023
The purpose of the Safeguards Rule, is to protect the security of customer information. It reflects core data security principles that all covered companies need to implement.
Who’s covered by the FTC Safeguards Rule?
The Safeguards Rule applies to financial institutions subject to the FTC’s jurisdiction and that aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act. Some examples of that are:
What does the Safeguards Rule require companies to do?
Safeguards designed to protect customer information
What Customer Information needs to be protected?
“any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”
Your information security program must be written and it must be appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information at issue.
What are the requirements of “Information security program”?
9 elements that your company’s information security program must include:
