anonymous

Safeguards Rule Resource Center

The Gramm-Leach-Bliley Act (GLBA) requires that covered financial institutions, including debt collectors, protect the security of their customers’ financial information. In 2021, the Federal Trade Commission made the first major changes to these requirements in almost 20 years and gave companies one year to comply with the Standards for Safeguarding Customer Information—the Safeguards rule.

The rule requires financial institutions to develop, implement, and maintain a comprehensive information security program by June 9, 2023. (This is an extension from the previous deadline of Dec. 9, 2022, which was achieved thanks in part to ACA’s advocacy on the issue.)

Read the text of the amended rule as well as articles breaking down compliance with the rule, review the comprehensive ACA SearchPoint document on the Safeguards Rule, listen to related recordings of ACA’s members-only ACA Huddle® and more.

Safeguards Rule Compliance Countdown

06/09/2023

Safeguards Webinar Recordings

ACA How: Safeguards Rule What?

TPx and ACA will distill the Safeguards rule of GLBA to simple terms and answer what an organization needs to do and by when.

ACA How: Owning Your Security Program

At a high level, every ACA member needs an overarching security program that is documented and governed.

ISO: How TPX Can Help

There are strategic, tactical, and technical aspects of being defensible to the Safeguards rule of GLBA. During this session, TPx will go over how we can help so ACA members can focus on their business.

Blogs From TPx

Helping You Become Cyber Secure

- Blog Post -

Helping You Become Cyber Secure

The cybersecurity landscape is changing rapidly. Our job at TPx is to help businesses navigate these changes to improve their security posture and be compliant with industry regulations.
Read More

What to Know

Under the Gramm-Leach-Bliley Act (GLBA), a debt collector must comply with the Safeguards Rule, which requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.

The Safeguards Rule took effect Jan. 10, 2021, and its requirements will apply beginning June 9, 2023.

The final Safeguards Rule contains five main modifications to the existing rule:

  • It adds provisions designed to provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, such as access controls, authentication and encryption.
  • It adds provisions designed to improve the accountability of financial institutions’ information security programs, such as by requiring periodic reports to boards of directors or governing bodies.
  • It exempts financial institutions that collect less customer information from certain requirements.
  • It expands the definition of “financial institution” to include entities engaged in activities the Federal Reserve Board determines to be incidental to financial activities. This change adds “finders”—companies that bring together buyers and sellers of a product or service—within the scope of the rule.
  • The final rule defines several terms and provides related examples in the rule itself in one place rather than incorporate them from the Privacy of Consumer Financial Information Rule.

Helpful Links

Text of the Safeguards Rule

The Safeguards Rule as published in the Code of Federal Regulations.

FTC Safeguards Rule: What Your Business Needs to Know

Small entity compliance guide from the FTC.

CFPB Circular on the Safeguards Rule

The CFPB issued a circular stating that financial services companies with insufficient data protection or information security violate the prohibition on unfair acts or practices in the CFPA, and provides examples.

NIST Cybersecurity Framework

Debt collection agencies can use the NIST Cybersecurity Framework’s standards and best practices to help them comply with the Safeguards Rule.

ACA Resources

ACA Daily Articles About the Safeguards Rule

Read coverage of news and compliance information in these ACA Daily articles.

*NEW* ACA SearchPoint

Members can read ACA SearchPoint document #2255, which was recently updated to reflect the CFPB’s compliance guidance on the Safeguards Rule.

ACA Huddle® Recording

Members-Only Resource
Best Practices for FTC Safeguards Rule Compliance
Leslie Bender, CCCO, and Kim Phan lead this ACA Huddle on the Safeguards Rule. Learn more about what your company should be doing to develop and implement an information security program that complies with the rule. Members can view a PowerPoint presentation from the Huddle here.

ACA How: Safeguards Rule Implementation

Tuesday, October 4, 2022 - Friday, December 16, 2022
Central Standard Time

ACA has partnered with TPx Communications for a webinar series to help you comply with the Safeguards Rule. It will run throughout October and into December.

ACA Advocacy

ACA filed extensive comments on the Safeguards Rule discussing potential compliance burdens for ACA members. Most recently, ACA International and other industry trade groups submitted a letter to the FTC requesting deadline extension from Dec. 9, 2022, to Dec. 9, 2023. 

On Nov. 15, 2022, the FTC announced it is extending the deadline for companies to comply with some of the changes in the Safeguards Rule by six months to June 9, 2023.

Read more in this ACA Daily article.

Access all of ACA’s letters and comments to regulators on our Policymakers website:

 

Alliance ACA
UPS Advertisement
Alliance ACA
Benefit Hub

Have Questions? We Are Here to Help

This site uses cookies. By continuing to use our site, you are agreeing to our use of cookies. Review our Privacy Policy for more information. You may change your preferences on how cookies are stored by reviewing the settings on your browser.

The content on this site is presented for educational, general reference, and informational purposes only; is not intended to serve as legal or other advice; is not intended to be a full and exhaustive explanation of the law in any area; and should not replace the advice of your own legal counsel. By continuing to use our site, you are agreeing to the legal disclaimers in our Terms of Use. Review our Terms of Use for more information.

Friendly Reminder

Get continued access to ACA International’s wide array of resources, which can help you become more profitable, compliant and successful.

Renew your membership today to take advantage of tools you won’t find anywhere else:

  • Discounts on seminars, products, services and events
  • Resources to strengthen your compliance department
  • Industry-specific risk management products and services
  • Participation in ACA’s online community, The Hub
    Members-only website content
  • Professional development and training opportunities, and so much more!

If you have completed your renewal, please disregard this reminder.