The Federal Trade Commission, or FTC, has put together a Safeguard Rule to help establish guidelines for how businesses store and interact with customer information. Enacted in 2003, this rule was recently revamped in 2021 to stay relevant with the latest technology used by businesses. Let’s look at some of the policies and procedures that your business needs to know about the FTC Safeguard Rule.

What is the FTC’s Safeguard Rule?

The Safeguard Rule is a mandate put in place to protect personal information. Those impacted by this rule include financial institutions like mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors, and other financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC.

Compliance with the FTC Safeguard Rule involves applicable financial institutions writing out their information security program and having it address specific metrics. This plan must also be appropriate for the size and scope of the business, and it must be tailored to the specific type of information that the organization is responsible for.

With the Safeguard Rule in place and governing how businesses manage sensitive information, it should technically address challenges such as the security and confidentiality of customer information, threats to the integrity of this information, and protection from unauthorized access, theft, or destruction of that data, as well as any problems it might cause for the customer.

You Can Build an FTC-Compliant Security Platform Too

When you get into the details, the reality is that there is nothing in the FTC Safeguard Rule that you shouldn’t already be doing for your customer data. Here is a quick rundown that the FTC recommends for businesses that want to make sure their networks are FTC-compliant.

  1. Designate a qualified individual to oversee organizational data security.
  2. Conduct a comprehensive risk assessment.
  3. Design and deploy necessary safeguards outlined in the risk assessment.
  4. Monitor system and regularly test it.
  5. Train employees in best practices of data security and privacy.
  6. Oversee any third-party’s access and control.
  7. Regularly update the security program to keep it current. 
  8. Create a written response plan for necessary continuity. 

Need a Hand?

RedRock Information Security knows network security and compliance laws like the back of our hands. To learn more about how we can support your business’ efforts, reach out to us at (616) 534-1500.

Information Technology Aligned With Your Business Goals?
RedRock is a complete IT services & IT support company working with organizations in Michigan.