FTC to Enforce Information Security with Safeguards Rule

We have been talking about it for years, but we still feel like information security threats are outpacing information security protections by leaps and bounds. Fortunately, the FTC is continuing to try to improve the information security of your sensitive data.

In this article, the Federal Trade Commission (FTC) outlines what it is doing to enforce and improve information security.


In December of 2021, the FTC made changes to the FTC Safeguards Rule, originally made in 2003. The FTC will require the new guidelines to be met by December 9th, 2022.

Overall, the rules have changed to enforce information security practices surrounding financial institutions, or anyone dealing with financial information.

Some of the elements of a reasonable information security program are listed below:

  1. Designate a qualified individual to implement and supervise your company’s information security program.
  2. Conduct a risk assessment.
  3. Design and implement safeguards to control the risks identified through your risk assessment.
  4. Regularly monitor and test the effectiveness of your safeguards.
  5. Train your staff.
  6. Monitor your service providers.
  7. Keep your information security program current.
  8. Create a written incident response plan.
  9. Require your Qualified Individual to report to your Board of Directors.

You can find all the pertinent information by following the link to the FTC article discussing the safeguards changes.

FTC Article

If you have any questions or concerns, contact our support team today!


