Is your CPA, Accounting Firm, and Business ready for the June 9th deadline?
The FTC Safeguards Rule is a set of regulations that requires financial institutions to protect customer information from unauthorized access, use, or disclosure. The rule applies to accounting firms, mortgage lenders, payday lenders, and other businesses that provide financial services. The rule also covers finders, companies that bring together buyers and sellers of financial products or services.
The deadline is June 9th, 2023. If you have any questions, contact us or book a free consultation (https://ask.esudo.com/intro).
The FTC Safeguards Rule requires financial institutions to develop and implement a written information security program appropriate to the Business’s size and complexity, the nature and scope of activities, and the sensitivity of the information at issue. The program must include administrative, technical, and physical safeguards to protect customer information.
The FTC Safeguards Rule specifies nine elements that must be included in the information security program:
- Designate one or more employees to coordinate the program.
- Identify reasonably foreseeable internal and external risks to customer information and assess the sufficiency of existing safeguards.
- Design and implement safeguards to control the identified risks and regularly test or monitor their effectiveness.
- Oversee service providers by selecting and retaining only those that can maintain appropriate safeguards for customer information and requiring them by contract to implement and maintain such safeguards.
- Evaluate and adjust the program in light of relevant circumstances, such as changes in business operations or testing and monitoring results.
- Implement encryption for customer data at rest and in transit.
- Implement multi-factor authentication for any individual accessing customer data.
- Implement access controls based on the principle of least privilege, meaning that access to customer data is limited to only those employees who need it for their job functions.
- Implement a written incident response plan that addresses how to respond to, contain, and recover from a security incident involving customer data.
The FTC Safeguards Rule aims to ensure that financial institutions maintain safeguards to protect the security of customer information and prevent identity theft, fraud, and other harm. Contact us at 408-216-5800.