Safeguards Rule Resource Center
The Gramm-Leach-Bliley Act (GLBA) requires that covered financial institutions, including debt collectors, protect the security of their customers’ financial information. In 2021, the Federal Trade Commission made the first major changes to these requirements in almost 20 years and gave companies one year to comply with the Standards for Safeguarding Customer Information—the Safeguards Rule.
The rule requires financial institutions to develop, implement, and maintain a comprehensive information security program by June 9, 2023. (This is an extension from the previous deadline of Dec. 9, 2022, which was achieved thanks in part to ACA’s advocacy on the issue.)
Read the text of the amended rule as well as articles breaking down compliance with the rule, review the comprehensive ACA SearchPoint document on the Safeguards Rule, listen to related recordings of ACA’s members-only ACA Huddle® and more.
Safeguards Webinar Recordings
ISO: How TPx Can Help
There are strategic, tactical, and technical aspects of being defensible under the GLBA Safeguards Rule. During this session, TPx will go over how we can help so ACA members can focus on their business.
Blogs From TPx
What to Know
Under the Gramm-Leach-Bliley Act (GLBA), a debt collector must comply with the Safeguards Rule, which requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.
The Safeguards Rule took effect Jan. 10, 2021, and its requirements will apply beginning June 9, 2023.
The final Safeguards Rule contains five main modifications to the existing rule:
- It adds provisions designed to provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, such as access controls, authentication and encryption.
- It adds provisions designed to improve the accountability of financial institutions’ information security programs, such as by requiring periodic reports to boards of directors or governing bodies.
- It exempts financial institutions that collect less customer information from certain requirements.
- It expands the definition of “financial institution” to include entities engaged in activities the Federal Reserve Board determines to be incidental to financial activities. This change adds “finders”—companies that bring together buyers and sellers of a product or service—within the scope of the rule.
- It defines several terms and provides related examples in one place in the rule itself, rather than incorporating them from the Privacy of Consumer Financial Information Rule.
CFPB Circular on the Safeguards Rule
The CFPB issued a circular stating that financial services companies with insufficient data protection or information security violate the prohibition on unfair acts or practices in the CFPA. The circular also provides examples.
ACA Huddle® Recording
Best Practices for FTC Safeguards Rule Compliance
Leslie Bender, CCCO, and Kim Phan lead this ACA Huddle on the Safeguards Rule. Learn more about what your company should be doing to develop and implement an information security program that complies with the rule. Members can view a PowerPoint presentation from the Huddle here.
ACA How: Safeguards Rule Implementation
Friday, December 09, 2022 - Friday, July 14, 2023
Central Standard Time
ACA has partnered with TPx Communications for a webinar series to help you comply with the Safeguards Rule. It will run throughout October and into December.
ACA filed extensive comments on the Safeguards Rule discussing potential compliance burdens for ACA members. Most recently, ACA International and other industry trade groups submitted a letter to the FTC requesting a deadline extension from Dec. 9, 2022, to Dec. 9, 2023.
On Nov. 15, 2022, the FTC announced it is extending the deadline for companies to comply with some of the changes in the Safeguards Rule by six months to June 9, 2023.
Read more in this ACA Daily article.
Access all of ACA’s letters and comments to regulators on our Policymakers website: