
What the FTC Safeguards Rule Means for Your Business

If your business handles customer financial information, there's a good chance the FTC Safeguards Rule applies to you — even if you've never heard of it. Here's the plain-English version.

Who it covers

The rule covers "financial institutions," but that definition is broad. It includes many businesses that don't think of themselves that way: tax preparers, accountants, financial advisors, mortgage brokers, and more. If you collect and keep customers' financial data, it's worth checking.

What it requires

At its core, the rule asks you to maintain a written information security program (WISP). That includes:

  • A qualified person responsible for security
  • A written risk assessment
  • Access controls and encryption for sensitive data
  • Multi-factor authentication
  • Ongoing monitoring and regular testing
  • Employee training
  • Oversight of the vendors who touch your data

Why it matters

Beyond avoiding penalties, this is simply good business. The same controls that satisfy the rule are the ones that protect you from a breach in the first place — and increasingly, your cyber-insurance carrier will ask for them too.

The good news

You don't have to build this alone. We help covered businesses stand up a compliant program — the policies, the controls, and the documentation — and keep it current as your business changes.


Not sure whether the rule applies to you? Book a free assessment and we'll walk through it together.
