Stay Ahead of the Curve: New FTC Safeguards Demand Your Attention

Today, we want to draw your attention to the safeguards introduced by the Federal Trade Commission (FTC) and why they matter to you.

The FTC safeguards do not apply to all businesses, but they are of critical concern if you find yourself in this category. It is essential to understand these changes and take immediate action to avoid fines of up to $100,000 per incident and prison sentences of up to five years.

What Are the FTC Safeguards?

The Federal Trade Commission has rolled out new cybersecurity safeguards, primarily aimed at businesses that handle sensitive customer data, such as financial institutions, healthcare providers, and certain service providers. These safeguards are designed to protect consumers’ personal information from data breaches and security vulnerabilities.

Who’s covered by the Safeguards Rule?

How do you know if your business is a financial institution subject to the Safeguards Rule? First, consider that the Rule defines “financial institution” in a way that’s broader than how people may use that phrase in conversation. Furthermore, what matters are the types of activities your business undertakes, not how you or others categorize your company.

Some simple examples of organizations that may be covered are:

  • Tax Preparation Firms
  • Investment advisers not required to be registered with the SEC
  • Collection agencies
  • Real estate appraisers
  • Tax Preparers
  • Mortgage brokers
  • Certain Car Dealerships
  • Retailers extending credit through their own credit card services
  • Higher education institutions participating in federal student financial aid programs authorized under Title IV of the Higher Education Act of 1965

What do you need to do if you are covered?

Are you covered by the new FTC safeguards? We are here to guide you through the process of compliance with the new FTC safeguards. Please reach out to our team for help. For more information on what is required, a very brief outline follows.

1: Designate a Qualified Individual

2: Perform and document risk assessment

3: Apply controls

4: Validate controls

5: Develop Training/Auditing Program

6: Monitor Service Providers

7: Develop Continuous Improvement Cadence

8: Document Incident Response Plan

9: Provide Annual Reporting to Senior Leadership

  • Designated Qualified Individual must provide annual report to leadership body
  • Include overall status of security program and compliance
  • Must also have material matters related to the information security program (assessme

This client alert is prepared for the general information of our partners. It should not be regarded as legal advice.

Author: IntegriCom

Founded in 2000, IntegriCom is a family-owned IT services firm based in Suwanee, Georgia. Specializing in managed IT solutions, cybersecurity, cloud services, and business communications, IntegriCom partners with small to mid-sized businesses across Atlanta and beyond. Our team is committed to delivering reliable, secure, and scalable technology solutions that align with clients’ goals. With a focus on integrity, professionalism, and continuous improvement, IntegriCom aims to empower businesses through technology.
