FTC Extends Compliance Deadline for Updated Safeguards Rule
The FTC recently announced that it was extending the deadline for non-banking financial institutions, such as independent mortgage lenders and brokers, to comply with certain requirements of the updated Safeguards Rule from December 9, 2022, to June 9, 2023. WBK previously covered the changes made to the Rule here and here.
While portions of the updated Rule became effective on January 10, 2022, certain provisions were originally set to become effective on December 9, 2022. The provisions of the updated Safeguards Rule affected by the six-month extension include the requirements that covered financial institutions: (i) designate a qualified individual to oversee their information security program; (ii) develop a written risk assessment; (iii) limit and monitor who can access sensitive customer information; (iv) encrypt sensitive information; (v) develop an incident response plan; (vi) implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information; (vii) train security personnel; and (viii) periodically assess the security practices of service providers. The FTC stated that it is extending the deadline to comply with these requirements based on reports that there is a shortage of qualified personnel to implement information security programs and that supply chain issues may lead to delays in obtaining necessary equipment for upgrading security systems.