The FTC released updated Safeguards Rule guidelines that specifically detail compliance requirements for businesses that work with financial data. But not all companies need to adhere to all Safeguards requirements. So, which requirements apply to your company?
2/7/2022 3:00 P.M.
For businesses with more than 5,000 customers
ACA members are directly affected by the new Safeguards Rule requirements. By June 9, 2023, if your company has more than 5,000 customer records, you need to comply with all the Safeguards Rule requirements.
Avoid fines of up to $100,000 per incident and prison sentences of up to five years by upgrading your cybersecurity program before the June 2023 deadline.
We’ve simplified the mandatory rules into a list that’s more manageable:
- Identify an organization (like TPx) or a qualified employee to head up your cybersecurity program.
- Run a risk assessment.
- Deploy safeguards and mitigate risks.
- Regularly examine your infrastructure.
- Train staff on security awareness.
- Monitor progress with a designated service provider.
- Run cybersecurity updates.
- Create and implement an incident response plan.
- Regularly report and document progress.
If you have more than 5,000 customers’ records, these nine regulations directly affect you.
It may sound like a daunting task to become compliant with so many security practices, but TPx is here to help. We can create, own, and maintain a security program for you that aligns with the FTC Safeguards requirements.
But what if your business has fewer than 5,000 customers?
Built into the Safeguards Rule is an important exemption for financial institutions that hold data for fewer than 5,000 customers.
It’s important to note that your company must have fewer than 5,000 customers in total, not annually. At any point, if your organization exceeds 5,000 customer records, you no longer receive an exemption from the Safeguards Rule.
Companies with fewer than 5,000 customers are exempt from the following requirements:
- Run a risk assessment.
- Monitor progress with a designated service provider.
- Create and implement an incident response plan.
- Regularly report and document progress.
But that means you are still on the hook for these five requirements:
- Identify an organization (like TPx) or a qualified employee to head up your cybersecurity program.
- Deploy safeguards and mitigate risks.
- Regularly examine your infrastructure.
- Train staff on security awareness.
- Run cybersecurity updates.
Smaller businesses may have difficulty becoming defensible due to a lack of resources. That is where TPx comes in: we have security experts who can create, maintain, and own the program for you without breaking the bank. We can recommend what your company needs and help you meet those requirements.
Whether you’re starting out or just need to fine-tune your existing security program, TPx can help.
ACA has tapped TPx as its Safeguards Security Partner of Choice. We’re ready to help make your business defensible by the deadline and help you avoid hefty financial penalties.
With unique solutions at discounted pricing for ACA members, you’ll find that the list of requirements is not only attainable, but also manageable in the long run.
Find more information and get started at TPx.com/ACA.