Explained: FTC Safeguards Rule Compliance Deadline Delayed

Avatar photo
Steven Brown

Many companies are facing personnel shortages and supply chain issues that make the December 2022 FTC Safeguard Rule compliance deadline difficult. In response to the current situation and industry lobbying, the FTC extended the compliance deadline to June 9, 2023. While companies might be breathing a sigh of relief, they shouldn’t ignore the vital safety requirements the entire Safeguards Rule covers. Portions of the rule will soon apply to auto dealership cybersecurity and mortgage broker cybersecurity.

Mortgage Brokers and Auto Dealerships Can Now Wait Until June to Implement the Entire FTC’s Safeguards Rule – But Should They?

Sixty-four percent of companies worldwide have experienced at least one form of a cyberattack. As attacks become increasingly prevalent, responsible companies must take every precaution. The average data breach cost in 2022 for U.S. businesses is $9.44 million. While becoming compliant may seem like a hassle, paying a ransom, costly restorations to networks, or expensive lawyers and PR firms to repair your reputation could bring a business to its knees.

Auto dealerships, mortgage lenders, financial planners, and many other businesses considered “financial institutions” by the FTC have been scrambling to become compliant and avoid financial penalties. The provisions in the FTC Safeguards rule are critical safety measures every business should implement. Don’t let the extended deadline become an excuse to postpone necessary actions that keep your and your customers’ data safe. It takes time to implement the compliance requirements so start preparing now. The sooner your organization becomes compliant, the safer your data and your customers are.

The FTC Safeguards Rule Strengthens Data Security Safeguards

Companies covered by the Safeguards Rule must put provisions in place to protect customers’ personal information. Without these provisions, companies and their customers are vulnerable to security breaches and the potential for hackers to access sensitive data and allow it to end up in the wrong hands.

Last year the FTC updated the Safeguards Rule and shared a publication, FTC Safeguards Rule: What Your Business Needs to Know, with detailed requirements for covered businesses.

The six-month extension applies to the following provisions:

  • Designate a qualified individual to oversee their information security program.
  • Develop a written risk assessment.
  • Limit and monitor who can access sensitive customer information,
  • Encrypt all sensitive information.
  • Train security personnel.
  • Develop an incident response plan.
  • Periodically assess the security practices of service providers.
  • Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.

Detailed information about all the provisions can be found on the Federal Register Notice, and the FTC website also offers additional resources on the Safeguards Rule and Data Security. Each provision is an integral part of protecting sensitive information.

Cybersecurity threats are real, and breaches happen to businesses of all sizes. Taking protective measures now could prevent unimaginable damage to your business later.

If your company struggles to comply with the new rule, Airiam can help. We offer a free FTC safeguards assessment to help determine where your company stands regarding the law and protecting customer information. It can be challenging to accomplish compliance solely with an in-house team. Airiam’s experts work with organizations to determine where they need outside assistance to ensure compliance. Reach out to us if you’d like to discuss how the FTC Safeguards Rule impacts your business and what you need to do to avoid fines and potential breaches of sensitive data.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

XDR – Advantages From a Wider View

Endpoint Protection Isn’t Enough There are hundreds of great security products on the market, each filling specific needs and having pros and cons. Endpoint detection and response (EDR) is no exception. EDR finds and kills the threat on the endpoint, y
Avatar photo
Art Ocain
>>Read More

Podcast: 2023 Resolutions for Resilience

 Episode Summary People often make resolutions and set goals for the new year. In our first episode of 2023, we sat down with 13 IT and cybersecurity experts from Airiam, Secureworks, and Corvus Insurance. We wanted to know what their resolutions are
Avatar photo
Bill Bowman
>>Read More

Customer Success Story: Blue Water

Personalized IT Support Helps Blue Water Serve Vacationers Blue Water is a real estate development company headquartered in Ocean City, Maryland. The company specializes in hospitality and outdoor recreation. The campgrounds that Blue Water run delight
Avatar photo
Bill Bowman
>>Read More