The Federal Trade Commission has extended the deadline for businesses to comply with some of the changes it made to strengthen the data security measures that financial institutions are required to use to protect their customers' personal information. The new criteria must be complied with by June 9, 2023.
The FTC Safeguards Rule took effect in 2003. It requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers' information safe.
The Rule was amended in 2021 to keep up with evolving technology. It provides more concrete guidance for businesses and the core data security principles they need to implement.
The FTC approved the changes to the Safeguards Rule in October 2021. Originally, the new provisions were set to go into effect on December 9, 2022, but this was extended by another six months.
The provisions of the updated rule include the following requirements:
The new provisions required under the Safeguards Rule may have some businesses worried about the costs. The costs of audits, training, new technologies and new processes can add up. It is estimated that for an organization to be fully compliant with the FTC Safeguards Rule, the average cost would be $250,000 annually. As a Managed Service Provider, we can help eliminate some of those costs.
Not complying and then suffering a security incident can cost much more. Businesses lose an average of $14.8 million per business event because of business disruption, productivity losses, revenue losses, and fines and penalties.
The following is a list of the possible legal ramifications of non-compliance with the FTC Safeguards Rule:
Many organizations do not have the staff, time or resources available to make sure that they comply with the new provisions of the FTC Safeguards Rule. Absolute Performance has several years of experience in compliance and security measures and protocols.
With our Cyber Health Plans, we can help provide continuous assessments using the latest attack methods and tools. We also provide periodic checkups to see how healthy your IT environment is. Contact us today to find out how we can help your organization comply with the new guidelines.