FTC Safeguards Financial Institutions Rule

FTC logo blue.svg

FTC Issues Guidance on the Revised Safeguards Rule:

The Time for Dealers to Act is Now

By now, everyone should be aware of the fact that the Federal Trade Commission has issued some fairly complicated amendments to its Safeguards Rule. These amendments will require those people covered under the rule to address a number of technical and procedural issues in order to provide adequate protection for personal and consumer data.  

All these steps must be in place by December 9th, 2022, and that leaves very little time for affected individuals to get the work done. Obviously, the time to address these issues is now, if you haven’t already begun to do so.

What You Need To Know

The main points covered by the amendments to the Safeguards Rule include all the points described below. The sooner you can get these improvements in place, the better chance you have of complying in time with the Federal requirements.



Qualified Individual – each dealer must appoint a qualified individual to carry out and supervise your information security program.

Risk Assessment – a risk assessment must be carried out to identify points of vulnerability, so they can be addressed immediately by your team.

Implement Safeguards To Manage Risk – some of the safeguards you should be putting in place include a review of Access Control, knowing what information you have and where it’s stored, encryption of stored data both where it resides and when it’s in transit, a thorough assessment of your in-house apps and third-party apps, multi-factor authentication for information access, a secure method of disposing of customer information, allowing for change implementation on your information system, maintaining a log of authorized activity as well as unauthorized activity, monitoring and testing your safeguards.

Staff Training – since employees are often the weakest point in any security system, employees need to be trained, and that training needs to be periodically refreshed so the training can sink in.

Monitor Service Providers – anyone you do business with must have the same safeguards in place that you are required to.

Information Security Program Currency – your program must be kept current at all times, and that means applying whatever updates are necessary when they are necessary.

Incident Response Plan – each dealer must have a formal written incident response plan which identifies the personnel on the response team, as well as what their approach will be to resolving incidents.

Report To Board Of Directors – whomever you have designated as you’re Qualified Individual must provide an annual report to the Board of Directors (or at least senior management) on the status of your information security system. 

To Ensure Full Compliance

The points outlined above constitute the main thrust of the FTC Safeguards Rule amendments, and they will give you a good idea about what you have to do in order to achieve compliance. However, you should also consult the actual FTC publication, so that you can be aware of all the details associated with each of these points. It’s better that you follow the step-by-step guide by the FTC itself, so there’s no question about whether or not you are in full compliance with the requirements.

You can download the document itself and use it as your guideline for the implementation of your information security system. Keep in mind that there is not much time left before all this has to be in place, so if you haven’t already begun your efforts to achieve compliance, you need to begin immediately.

Auto Dealer

Most businesses have enough issues they are obliged to comply with without having a whole new set of them imposed by the federal government. However, if you just consider this one more cost of doing business, and just take your lumps, you can get the work done. Once you have all this in place, it will be an easy matter to simply continue monitoring the information provided by your system. This will give you much more confidence that your customer data is being fully protected, so you can retain the trust of all your loyal customers.

Ready to start conversation about your

FTC Safeguards Rule needs?

Talk to us now.

Contact an Advisor!

Cybersecurity Services

Ransomware Attack Simulation

Web Application Security

External Vulnerability Assessment

Internal Vulnerability Assesssment

Penetration Testing

Web Application Assessment

Managed Defense, Discover & Remediate

Working From Home

Email Security

Backup & Recovery


FTC Safeguards Financial Institutions Rule

23 NYCRR 500 DFS Compliance

Get a Free Evaluation

Fast and Easy Ransomware Risk Score Evaluation




Case Studies


Privacy Policy