
FTC Safeguards Rule Requirements: what is it, and what do you need to do?

The Revised FTC Safeguards Rule (16 CFR Part 314) applies to financial institutions under FTC jurisdiction and requires that your information security program meet these three objectives:

  • Ensure the security and confidentiality of customer information.

  • Protect against any anticipated threats or hazards to the security or integrity of customer information.

  • Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.

Nine required elements of the FTC Safeguards Rule

1. You must designate a “Qualified Individual” responsible for overseeing, implementing, and enforcing your information security program.

2. You must periodically conduct risk assessments to identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information. The risk assessment must be written.

3. You must design and implement safeguards to control the risks you identify through the risk assessment (the rule names specific safeguards, including access controls, a data inventory, encryption of customer information in transit and at rest, multi-factor authentication, secure disposal, change management, and activity monitoring).

4. You must regularly test or otherwise monitor the effectiveness of the safeguards’ key controls.

5. You must implement policies and procedures to ensure that your personnel are able to enact your information security program, including security awareness training for staff.

6. You must oversee your service providers that have access to customer information.

7. You must keep your information security program current, adjusting it in light of testing and monitoring results, material changes to your operations, and other circumstances that may affect the program.

8. You must establish a written incident response plan designed to assist in quickly responding to and recovering from a security event that materially affects the confidentiality, integrity, or availability of customer information.

9. Your Qualified Individual must report in writing, regularly and at least annually, to your board of directors or equivalent governing body.

What are the Penalties for not complying with the Revised Safeguards Rule?

The penalties for not complying with the Revised Safeguards Rule can be extensive and expensive. The FTC can seek civil penalties of up to $46,517 per violation of a consent order (the 2022 inflation-adjusted figure; the FTC updates this amount annually, and each day of a continuing violation counts as a separate violation). You could also be subject to claims (including class action claims) under the “unfair and deceptive acts and practices” (UDAP) laws of the various states for failure to comply with the Safeguards Rule.

What's next? Are you ready? Securadin can help.
