The FTC Safeguards Rule took effect in 2003. It requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customer’s information safe.
The Rule was amended in 2021 to keep up with evolving technology. It provides more concrete guidance for businesses and the core data security principles they need to implement.
The FTC approved the changes to the Safeguards Rule in October 2021. Originally, the new provisions were set to go into effect on December 9, 2022 but this was extended to June 9, 2023.
The provisions of the updated rule include the following requirements:
FTC Safeguards Rule: What Your Business Needs to Know
Resource from the FTC
Helping organizations to better understand and improve their management of cybersecurity risk
CFPB Consumer Financial Protection Circular
Insufficient data protection
or security for sensitive
Definition of important terms used in the FTC Safeguards Rule.