What is the FTC Safeguards Rule?

The Federal Trade Commission (FTC) updated GLBA in 2003 with the first FTC Safeguards Rule. Those requirements were updated again in 2021 and are being rigorously enforced.

The FTC Safeguards Rule requires covered entities to implement and maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

The penalty can be steep: up to $11,000 per day for each violation. Other financial penalties can be assessed per day per violation for regular violators.

So, the first thing to do is determine if you are required to meet the regulations.

The amendment to the FTC Safeguards Rule changed the definition of “financial institution” to specify the types of businesses that must comply, including:

  • Auto Dealerships
  • Mortgage Lenders
  • Tax Preparation Firms
  • Payday Lenders
  • Check Cashers
  • Finance Companies
  • Collection Agencies
  • Credit Counselors
  • Non-Federally Insured Credit Unions
  • And any other business that collects client financial data, or affects people's ability to access financial products or financial services.

The requirements address both physical and digital representations of customer information maintained by the covered business, as well as any support services or software used to conduct their business. In short, businesses need to know where customer information is stored, processed, or transmitted, who has access to that information, and how the business is protecting that information.

And that can be a lot to handle.

To get started, Duffy Compliance has created a straightforward checklist to meet the FTC Safeguards Rule.


We help you navigate through regulatory compliance by removing the stress of the unknowns. We make sense of complex cybersecurity and compliance jargon and create best practices for you.

Contact Duffy Compliance today. We can help as a Fractional Compliance Officer and with CUI compliance, CMMC, Cyber Security Awareness Training, Supplier Performance Risk System (SPRS) Consulting, and, of course, compliance with the FTC Safeguards Rule.