The FTC Safeguards Rule Deadline is Here. What Now?

When laws evolve, so must businesses. In this era of the updated FTC Safeguards Rule, standing on the sidelines is not an option: The new rule has already taken effect.

In 2022, the Federal Trade Commission (FTC) significantly enhanced the Safeguards Rule, part of the Gramm-Leach-Bliley Act (GLBA), bringing a host of new cybersecurity requirements for financial institutions across the United States. This expanded rule mandated strict measures to protect customers' sensitive personal information and also expanded who would be on the hook for meeting compliance. Newly categorized “financial institutions” were given a deadline of June 9, 2023, to comply with these updated requirements.

Now that June 9th has come and gone, what happens next for “financial institutions,” including auto dealerships, mortgage lenders, tax preparers, and any business involved in consumer finance?

Safeguards-Rule Compliant? Enter A New Era for Data Security

The new FTC Safeguards Rule represents a more proactive and detailed approach to data protection in the financial sector. It requires firms to develop and implement a comprehensive, written information security program, encrypt all customer data at rest and in transit, and utilize multi-factor authentication among other stringent measures.

Many organizations across the financial sector have proactively responded to these new requirements, adopting robust cybersecurity tools and strategies to meet the deadline and secure their customer data. One such organization is Kunes Auto Group, a leading car and RV dealer chain with 42 dealerships across the Midwest.

With Virtru, Kunes and dealerships like it can encrypt consumers’ Personally Identifiable Information (PII) at rest and in transit, fulfilling the encryption provision of the FTC Safeguards Rule. This includes protecting  emails and files across all departments, from sales to office staff and beyond. Virtru's advanced features, including Data Loss Prevention rules and Control Center for auditing and viewing encryption activity, allow Kunes to thoroughly secure its customer data, meet FTC requirements, and ensure a high level of trust for their customers.

Ralph Rasmussen, Information Technology Specialist at Kunes, succinctly captured the company's motivation: "We don’t want to be part of a data breach... We don't want to be one of those companies that if a customer has identity theft, it gets traced back to the last place they used their personal data, [and it] was with us."

The case of Kunes Auto Group is a compelling illustration of how organizations can successfully navigate the demanding landscape of data security compliance. By leveraging Data-centric security tools and fostering a culture that prioritizes security, organizations can not only meet regulatory requirements but also significantly enhance the trust and confidence of their customers in the process.

Read the Full Kunes Auto Group Case Study

In Rasmussen's words, "The FTC rule hasn’t created any new thought really about overall protection of customer data. We've been taking measures to protect customer data for a long time. It's just a little different now. In the beginning, you could be a little more laid back. Over time, the bad guys keep getting better, and, as we keep growing, you have to look for more and more safeguards."

Not Yet Compliant? Virtru is Your Simple, Quickly Deployed Encryption Solution

Financial institutions not meeting these requirements by the deadline could face serious consequences, including significant financial penalties, reputational damage, and potential loss of customer trust. For instance, in the past, the FTC has brought legal action against companies that violate the GLBA, resulting in substantial settlements. It’s a big deal - and financial institutions should all be aware of it.

Read: 5 Ways To Start Complying with the FTC Safeguards Rule

If you're still wrestling with meeting the FTC Safeguards Rule or if you're discontent with your current encryption solution, Virtru’s suite of encryption solutions can help you strengthen compliance while balancing simplicity, cost, and quick deployment.

Harnessing the power of AES 256-bit encryption, “financial institutions” can protect their data with military-grade security and access control. Using the Trusted Data Format, Virtru wraps a protective, encrypted cloak around your data at the object level. No matter where your data sensitive data travels, it remains under your control for its entire lifespan.

With this granular approach, you can keep your data safe at rest or in transit via email, file sharing, or SaaS apps. With the Virtru Control Center in your toolkit, you’re in the driver’s seat when it comes to data access controls - you can grant or revoke access to data at any time.

Ready to take a closer look? Reach out to our team today to get started.