The Federal Trade Commission recently extended the deadline, from December 9, 2022, to June 9, 2023, for compliance with the most stringent requirements of its latest rulemaking, revisions to the Safeguards Rule under the Gramm Leach Bliley Act (“the GLBA”).
The GLBA, which was implemented over 20 years ago, defines how businesses gather, use, and share certain financial information about their customers. The Safeguards Rule establishes certain data security requirements for how a business stores that information. The forestalled revisions to the Safeguards Rule include new requirements for covered companies to:
- designate a qualified person to oversee their information security program,
- develop a written risk assessment,
- limit and monitor who can access sensitive customer information,
- encrypt all sensitive information,
- train security personnel,
- develop an incident response plan,
- periodically assess the security practices of service providers, and
- implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.
While there is more time to put these people and practices in place, doing so will not be a simple task.
Businesses should also be mindful that the GLBA and the Safeguards Rule apply to more than just banks and investment houses. Any business whose activities are “financial in nature or incidental to a financial activity” may fall under the regulation; such businesses include, but are not limited to, insurance companies, mortgage lenders and brokers, car dealers, payday lenders and finance companies, collection agencies, credit counselors and other financial advisors.
Contact your Fraser attorney today if you have any questions regarding your business’s duty to comply with these new rules.
Robert D. Burgee is an attorney at Fraser Trebilcock with over a decade of experience counseling clients with a focus on corporate structures and compliance, licensing, contracts, regulatory compliance, mergers and acquisitions, and a host of other matters related to the operation of small and medium-sized businesses and non-profits. You can reach him at 517.377.0848 or at firstname.lastname@example.org.
Edward J. Castellani is an attorney and CPA with Fraser Trebilcock with over three decades of experience handling business transactions. He may be contacted at email@example.com or 517-377-0845.
2 thoughts on “FTC Safeguards Rule Deadline Extended, But Don’t Wait to Implement Data Security Compliance Protocols”