3 August 2023 / Scott J. Best

New FTC Safeguard Rules: Staying Compliant in the World of Collections

Data security is one topic that is top of mind in today’s business environment, as there are daily news stories about cyberattacks which result in the exposure of personally identifying information, such as Social Security Numbers, birthdays, and addresses. Further exposure occurs when sending information via email, which, while convenient and fast, is not always secure. 
 
In an attempt to ensure that confidential and sensitive personal and financial information is maintained and secured, the Federal Trade Commission (FTC) has established many standards, and corresponding requirements, for various industries, most specifically financial institutions. Since the Safeguards Rule was first implemented in 2003 under the Gramm-Leach-Bliley Act, there have been significant changes in cybersecurity as well as the nature, frequency, and ferocity of cyberattacks. In an attempt to better secure consumer information, the FTC implemented new rules which went into effect in June of this year.
 

The new FTC Safeguard Rules set forth several requirements which need to be complied with. Those requirements include:

  1. Encryption of all customer information held or transmitted by the business.
  2. Restrict access to authorized persons only, and limit the information each person can review to what is necessary to perform their duties or functions. Multi-factor authentication should be used.
  3. Designating a specific qualified employee to oversee and implement an information security program.
  4. Adopt procedures for evaluating and testing the security of external applications and devices used to transmit, access, or store consumer information.
  5. Staff must be trained, and retrained, on security awareness, and there must be policies and procedures designed to monitor and log the activities of authorized users and to detect whether there have been unauthorized users and/or tampering with consumer information.
  6. Perform regular assessments of security practices and procedures, testing information security and access, confidentiality, and the integrity of the system.
  7. Develop a response plan if and when a security breach occurs.
  8. If the business maintains data on more than 5,000 consumers, there must be continuous monitoring and periodic assessments to detect changes and monitor for vulnerabilities.
  9. Data disposal procedures must be created to ensure secure disposal of consumer personal identifying information within two years of last providing products or services to the consumer.
 
Additionally, and perhaps more importantly, these changes will not only apply to what have historically been viewed as financial institutions. Instead, the updated Safeguard Rules will apply to any business engaged “in an activity that is financial in nature or incidental to” financial activities. Businesses now subject to the new requirements include, but are not limited to, mortgage lenders and brokers, payday lenders, collection agencies, motor vehicle dealers, tax preparation firms, credit counselors, financial and investment advisors, non-federally insured credit unions, and businesses that regularly wire money to and from consumers. While the new rules expanded who is required to comply with the Safeguards Rule, businesses with fewer than 5,000 consumers are exempt from some provisions of the updated Rule. However, it is recommended that all businesses take the steps necessary to ensure consumer data and information is protected, and doing so may be required by state-specific laws.
 
Failure to comply with the new standards can result in fines up to $100,000 per violation and potential lawsuits related to a data breach. If you are subject to the new Safeguard Rules and are not in compliance with the updated rules, it is recommended that you come into compliance without delay.
Our team is constantly monitoring these changes. If you have any questions on this topic, please contact attorney Scott Best at any time.
 
This blog is not a solicitation for business and it is not intended to constitute legal advice on specific matters, create an attorney-client relationship or be legally binding in any way.
