anonymous

Safeguards Rule – Where Does Your Company Fit In?

TPX

The FTC released updated Safeguards Rule guidelines that specifically detail compliance requirements for businesses that work with financial data. But not all companies need to adhere to all Safeguards requirements. So, which requirements apply to your company?

2/7/2022 3:00 P.M.

For businesses with more than 5,000 customers

ACA members are directly affected by the new Safeguards Rule requirements. By June 9, 2023, if your company has more than 5,000 customer records, you need to comply with all the Safeguards Rule requirements.

Avoid fines of up to $100,000 per incident and prison sentences of up to five years by upgrading your cybersecurity program before the June 2023 deadline.

We’ve simplified the mandatory rules into a list that’s more manageable:

  • Identify an organization (like TPx) or a qualified employee to head up your cybersecurity program.
  • Run a risk assessment.
  • Deploy safeguards and mitigate risks.
  • Regularly examine your infrastructure.
  • Train staff on security awareness.
  • Monitor progress with a designated service provider.
  • Run cybersecurity updates.
  • Create and implement an incident response plan.
  • Regularly report and document progress.

If you have more than 5,000 customers’ records, these nine requirements directly affect you.

It may sound like a daunting task to become compliant with so many security practices, but TPx is here to help. We can create, own, and maintain the security program for you, which aligns with the FTC Safeguards requirements.

But what if your business has fewer than 5,000 customers?

Built into the Safeguards Rule is an important exemption for financial institutions that hold data for fewer than 5,000 customers.

It’s important to note that your company must have fewer than 5,000 customers in total, not annually. At any point, if your organization exceeds 5,000 customer records, you no longer receive an exemption from the Safeguards Rule.

Companies with fewer than 5,000 customers are exempt from the following requirements:

  • Run a risk assessment.
  • Monitor progress with a designated service provider.
  • Create and implement an incident response plan.
  • Regularly report and document progress.

But that means you are still on the hook for these five requirements:

  • Identify an organization (like TPx) or a qualified employee to head up your cybersecurity program.
  • Deploy safeguards and mitigate risks.
  • Regularly examine your infrastructure.
  • Train staff on security awareness.
  • Run cybersecurity updates.

Smaller businesses may have difficulty becoming defensible due to a lack of resources. That is where TPx comes in: we have security experts who can create, maintain, and own the program for you without breaking the bank. We can recommend what your company needs and help you meet those requirements.

Whether you’re starting out or just need to fine-tune your existing security program, TPx can help.

ACA has tapped TPx as its Safeguards Security Partner of Choice. We’re ready to help make your business defensible by the deadline and help you avoid hefty financial penalties.

With unique solutions at discounted pricing for ACA members, you’ll find that the list of requirements is not only attainable, but also manageable in the long run.

Find more information and get started at TPx.com/ACA.
