The Federal Trade Commission (FTC) has announced an extension to the compliance deadline for certain revised provisions of the Safeguards Rule, which is designed to protect the security and confidentiality of customer information held by financial institutions. The new deadline for compliance is now June 2023, giving companies more time to ensure they are in full compliance with the updated requirements.
The Safeguards Rule, which was originally implemented in 2003, requires financial institutions to develop, implement, and maintain a comprehensive information security program to protect the security, confidentiality, and integrity of customer information. The rule applies to a wide range of financial institutions, including banks, credit unions, and nonbank lenders.
In March 2019, the FTC announced proposed changes to the Safeguards Rule to better align with current technology and data security threats. The proposed revisions included expanding the definition of “financial institution” to encompass a wider range of businesses that handle consumer financial data, and requiring more comprehensive security measures to protect against cybersecurity threats.
After receiving feedback from stakeholders, the FTC finalized the revisions in December 2019, with the original compliance deadline set for November 2022. However, recognizing the challenges businesses face in implementing the updated requirements, the FTC has extended the deadline to June 2023.
The extension gives financial institutions and other covered businesses additional time to assess their current information security programs, identify any gaps or areas for improvement, and implement the necessary changes to achieve compliance with the revised Safeguards Rule.
In a statement announcing the extension, the FTC emphasized the importance of protecting consumer information in an increasingly digital and interconnected world. “Given the rapid changes in technology and the risk landscape, the commission believes this new deadline will provide covered entities with additional time to develop and implement the necessary safeguards to fully comply with the rule,” the FTC said.
The extension of the compliance deadline for certain provisions of the FTC’s revised Safeguards Rule provides businesses with the opportunity to ensure they are effectively safeguarding customer information against data breaches and cyber-attacks. By taking the time to review and update their information security programs, financial institutions and other covered businesses can demonstrate their commitment to protecting consumer privacy and data security.
As the new compliance deadline approaches, businesses subject to the Safeguards Rule should take proactive steps to evaluate their current information security practices, address any deficiencies, and establish robust safeguards to protect customer information. This may include conducting a thorough risk assessment, implementing encryption and other technological measures, training employees on data security best practices, and ensuring compliance with applicable state and federal laws.
Ultimately, the goal of the updated Safeguards Rule is to enhance consumer protection and reduce the risk of data breaches and identity theft. By extending the compliance deadline, the FTC is giving businesses the opportunity to strengthen their information security programs and safeguard customer information effectively. This, in turn, will help build trust and confidence among consumers, who expect their financial institutions to protect their sensitive personal and financial information.