Time is Running Out to Comply with Revised FTC Safeguards Rule

On Tuesday, November 15th, the FTC postponed enforcement of some of the requirements of the revised Safeguards Rule.  This change allows affected entities some breathing room, offering an six additional months (6/9/23) for implementation.   To ensure you are not scrambling last minute, we’ll offer monthly updates on how you can start moving towards compliance.
Let’s continue with Requirement #3:

~ Design and Implement Safeguards to Control Identified Risks ~

Once you’ve conducted a risk assessment, you’ll be required to take what you’ve learned and put it into practice. In addition to working through that to-do list, the FTC has outlined items that are required for your company to be considered compliant.

  1. Control who has access to customer information and review that access regularly.
  1. Understand, document, and regularly review where things are stored on your organization’s network, and where data is located and transmitted.
  1. Encrypt customer information on your system and when it’s in transit.
  1. If your company uses apps to store, access, or transmit customer information, ensure that those programs are secured.
  1. Implement multi-factor authentication for any accounts that have access to customer information in your network.  Watch our video to learn how to easily implement 2FA.
  1. Securely Dispose of Customer Information According to a Regular Schedule. The FTC also requires that this data be disposed of no later than two years after it has most recently been used to serve the client.
  1. Anticipate and manage any changes to hardware or software within the existing network, and adjust your information security program to address them.
  1. Log all authorized user activity when accessing customer information and monitor your network for signs of unauthorized access.

What is a Risk Assessment?
Risk Assessments include taking inventory of your data and where it’s being stored. Then, assess your organization’s threats and risks; this should be an evaluation of any internal or external security risks that could compromise the security, confidentiality, or integrity of customer information.  Need help getting started?  BMT can provide you with an IT Health Check, which assesses mentioned risks.  We’ll show you where you’re ahead…and where the risks reside.

BMT has the expertise to ensure your program is compliant. Want to learn more?
Schedule a Safeguards Compliance Assessment Today