Are you a small business owner with fewer than 5,000 consumer records? If so, you need to be aware of the FTC Safeguards Rules. But don’t worry: we’ve got you covered! To help guide you through the process and make sure your business is in compliance, here are the answers to some of the most commonly asked questions about the FTC Safeguards Rules.

1. What Are FTC Safeguards Rules?

The FTC Safeguards Rules protect consumers’ personal information held by businesses. They require businesses to develop and implement safeguards that protect customers’ data from unauthorized access or abuse. This includes setting up a system that tracks who has accessed customer data and what they did with it after accessing it.

2. What Are the Requirements of FTC Safeguards Rules?
Businesses must have written policies and procedures that address how they use, store, share, and protect their customers’ personal information. They must also notify customers when their information is collected and allow them to opt out of specific uses or sharing of their data if they choose to do so. Additionally, businesses must keep records of any security breaches and notify affected customers within a reasonable amount of time after a breach occurs.

3. How Can I Make Sure My Business Is Compliant With FTC Safeguards Rules?
The IRS requires your business to have a written information security plan (WISP) in place as part of the PTIN renewal application. The WISP outlines how customer data will be used, stored, and shared, as well as the procedures for responding to security incidents or breaches when they occur.

Tax preparers will notice that the PTIN renewal process now states: “Data Security Responsibilities: I am aware of my legal obligation to have a data security plan and to provide data and system security protections for all taxpayer information. Check the box to confirm you are aware of this responsibility.”

It is also important for businesses to train staff on proper data handling protocols so everyone is on the same page when protecting consumer information from unauthorized access or abuse. Additional items include data backup, anti-virus, drive encryption, and enabling multi-factor or two-factor authentication for your applications and for remote access tools such as VPN, LogMeIn, or Splashtop.

4. We Have Only 4 Employees. Do the FTC Safeguards Rules Apply to Us?
Yes, they absolutely do. Here’s the thing: if you’re operating with fewer than 5,000 consumer records, then a few pieces are not applicable. Specifically, some of the rule’s original nine requirements do not apply, namely having a written risk assessment, an incident response plan, and preparing the annual report to the board of directors. However, outside of compliance, we still want to protect you from a breach. Small businesses are the MOST vulnerable.

5. Are There Any Penalties For Violating These Regulations?
Yes. If a business fails to comply with its obligations under these rules, it could face civil penalties imposed by the Federal Trade Commission (FTC), including fines of up to $43K per violation, which could quickly add up if not addressed promptly!

If you would like to learn more, contact us for a complimentary strategy at


Watch our FTC Safeguard webinar to learn more: