Safeguards Rule Resource Center

The Gramm-Leach-Bliley Act (GLBA) requires that covered financial institutions, including debt collectors, protect the security of their customers’ financial information. In 2021, the Federal Trade Commission made the first major changes to these requirements in almost 20 years and gave companies one year to comply with the Standards for Safeguarding Customer Information—the Safeguards rule.

The rule requires financial institutions to develop, implement, and maintain a comprehensive information security program by June 9, 2023. (This is an extension from the previous deadline of Dec. 9, 2022, which was achieved thanks in part to ACA’s advocacy on the issue.)

Read the text of the amended rule as well as articles breaking down compliance with the rule, review the comprehensive ACA SearchPoint document on the Safeguards Rule, listen to related recordings of ACA’s members-only ACA Huddle® and more.

NEW E-Book From TPx:
"FTC Safeguards Rule"
Read The eBook
Register for our ACA How: Safeguards Rule Implementation series and gain access to the recordings and content you may have missed.
Learn More

Safeguards Rule Compliance Countdown


Safeguards Webinar Recordings

ACA How: Safeguards Rule What?

TPx and ACA will distill the Safeguards rule of GLBA to simple terms and answer what an organization needs to do and by when.

ACA How: Owning Your Security Program

At a high level, every ACA member needs an overarching security program that is documented and governed.

ISO: How TPX Can Help

There are strategic, tactical, and technical aspects of being defensible to the Safeguards rule of GLBA. During this session, TPx will go over how we can help so ACA members can focus on their business.

Blogs From TPx

How to Devise a Plan for Defensibility

- Blog Post -

How to Devise a Plan for Defensibility

Are you ready to comply with the new FTC Safeguards Rule? You only have few short months left – and a long list of requirements.
Read More
Is Time On Your Side?

- Blog Post -

Is Time On Your Side?

A look at how long it can take to detect a data breach—and how long it can take to recover from one.
Read More
Addressing the FTC Safeguards Rule – One Requirement at a Time

- Blog Post -

Addressing the FTC Safeguards Rule – One Requirement at a Time

The new Safeguards Rule mandates nine requirements to help make your business become defensible from cyberattacks -- and the deadline is quickly approaching.
Read More
The Importance of Cybersecurity Awareness Training

- Blog Post -

The Importance of Cybersecurity Awareness Training

One of the key components of the FTC Safeguards Rule is cybersecurity awareness training.
Read More
Safeguards Rule – Where Does Your Company Fit In?

- Blog Post -

Where Does Your Company Fit In?

The FTC released updated guidelines that specifically detail compliance requirements for businesses that work with financial data. What are they for your company?
Read More
70% of Financial Institutions Lost Over $500K to Fraud in 2022

- Blog Post -

70% of Financial Institutions Lost Over $500K to Fraud in 2022

Data breaches costing six and seven figures are becoming more common among financial institutions of all sizes.
Read More
Where to Find Cybersecurity Experts?

- Blog Post -

Where to Find Cybersecurity Experts?

Recruitment and retention of cybersecurity talent is a problem, especially for small and midsize businesses with leaner budgets.
Learn About Safeguards
Safeguards Rule Compliance Countdown:
Are You Ready?

- Blog Post -

Safeguards Rule Compliance Countdown: Are You Ready?

Did you know that in six short months, your business must develop, implement, and maintain a comprehensive information security program?
Learn About Safeguards
Helping You Become Cyber Secure

- Blog Post -

Helping You Become Cyber Secure

The cybersecurity landscape is changing rapidly. Our job at TPx is to help businesses navigate these changes to improve their security posture and be compliant with industry regulations.
Get Secure

What to Know

Under the Gramm-Leach-Bliley Act (GLBA), a debt collector must comply with the Safeguards Rule, which requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.

The Safeguards Rule took effect Jan. 10, 2021, and its requirements will apply beginning June 9, 2023.

The final Safeguards Rule contains five main modifications to the existing rule:

  • It adds provisions designed to provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, such as access controls, authentication and encryption.
  • It adds provisions designed to improve the accountability of financial institutions’ information security programs, such as by requiring periodic reports to boards of directors or governing bodies.
  • It exempts financial institutions that collect less customer information from certain requirements.
  • It expands the definition of “financial institution” to include entities engaged in activities the Federal Reserve Board determines to be incidental to financial activities. This change adds “finders”—companies that bring together buyers and sellers of a product or service—within the scope of the rule.
  • The final rule defines several terms and provides related examples in the rule itself in one place rather than incorporate them from the Privacy of Consumer Financial Information Rule.

Helpful Links

Text of the Safeguards Rule

The Safeguards Rule as published in the Code of Federal Regulations.

FTC Safeguards Rule: What Your Business Needs to Know

Small entity compliance guide from the FTC.

CFPB Circular on the Safeguards Rule

The CFPB issued a circular stating that financial services companies with insufficient data protection or information security violate the prohibition on unfair acts or practices in the CFPA, and provides examples.

NIST Cybersecurity Framework

Debt collection agencies can use the NIST Cybersecurity Framework’s standards and best practices to help them comply with the Safeguards Rule.

ACA Resources

ACA Daily Articles About the Safeguards Rule

Read coverage of news and compliance information in these ACA Daily articles.

ACA SearchPoint

Members can read ACA SearchPoint document #2255, which was recently updated to reflect the CFPB’s compliance guidance on the Safeguards Rule.

ACA Huddle® Recording

Members-Only Resource
Best Practices for FTC Safeguards Rule Compliance
Leslie Bender, CCCO, and Kim Phan lead this ACA Huddle on the Safeguards Rule. Learn more about what your company should be doing to develop and implement an information security program that complies with the rule. Members can view a PowerPoint presentation from the Huddle here.

ACA How: Safeguards Rule Implementation

Friday, December 09, 2022 - Friday, July 14, 2023
Central Standard Time

ACA has partnered with TPx Communications for a webinar series to help you comply with the Safeguards Rule. It will run throughout October and into December.

ACA Advocacy

ACA filed extensive comments on the Safeguards Rule discussing potential compliance burdens for ACA members. Most recently, ACA International and other industry trade groups submitted a letter to the FTC requesting deadline extension from Dec. 9, 2022, to Dec. 9, 2023. 

On Nov. 15, 2022, the FTC announced it is extending the deadline for companies to comply with some of the changes in the Safeguards Rule by six months to June 9, 2023.

Read more in this ACA Daily article.

Access all of ACA’s letters and comments to regulators on our Policymakers website:


Alliance ACA
Compliancy Group
Alliance ACA
ABC Incorporated Advertisement

Have Questions? We Are Here to Help

One moment please...

Share Profile

This site uses cookies. By continuing to use our site, you are agreeing to our use of cookies. Review our Privacy Policy for more information. You may change your preferences on how cookies are stored by reviewing the settings on your browser.

The content on this site is presented for educational, general reference, and informational purposes only; is not intended to serve as legal or other advice; is not intended to be a full and exhaustive explanation of the law in any area; and should not replace the advice of your own legal counsel. By continuing to use our site, you are agreeing to the legal disclaimers in our Terms of Use. Review our Terms of Use for more information.

Friendly Reminder

Get continued access to ACA International’s wide array of resources, which can help you become more profitable, compliant and successful.

Renew your membership today to take advantage of tools you won’t find anywhere else:

  • Discounts on seminars, products, services and events
  • Resources to strengthen your compliance department
  • Industry-specific risk management products and services
  • Participation in ACA’s online community, The Hub
    Members-only website content
  • Professional development and training opportunities, and so much more!

If you have completed your renewal, please disregard this reminder.