The Safeguards Rule is a key component of the Federal Trade Commissions’s Gramm-Leach-Bliley Act (GBLA). It requires financial institutions to implement safeguards that protect customer data from potential breaches or compromise. In this case, customer data is "any nonpublic personal information a customer gives to an organization."
In December 2021, the FTC released “The Final Rule,” an amendment to the Safeguards Rule that encompasses a variety of changes, including an expansion of the FTC’s jurisdiction and specific requirements for executing an information security program.
You may be surprised to learn that several kinds of organizations fall under the new FTC Safeguards Rule as "financial institutions," including certain travel agencies, car dealerships, tax preparation firms, accountants, and more. You can learn more about the kinds of organizations subject to the rule in this blog post or in the FTC text here.
To help break down the components of the rule and make them actionable for your organization, Virtru created the following FTC Safeguards checklist.