The Federal Trade Commission (FTC) has announced a six-month extension for those affected by the Safeguards Rule released in December 2021.
December 9, 2022 was the original deadline for companies and organizations to comply with certain aspects of the new rule under the requirements established by the Gramm-Leach-Bliley Act (GLBA). These changes are intended to strengthen the data security safeguards of those deemed financial institutions by the FTC to better protect personal information held for customers and students. The new compliance deadline is June 9, 2023.
Note that this extension applies only to certain aspects of the Safeguards Rule, not the entire rule. All financial institutions should currently be compliant with the GLBA, as this extension relates only to some of the new and more specific security rules. Those rules require financial institutions to:
- designate a qualified individual to oversee their information security program,
- develop a written risk assessment,
- limit and monitor who can access sensitive customer information,
- encrypt all sensitive information,
- train security personnel,
- develop an incident response plan,
- periodically assess the security practices of service providers, and
- implement multifactor authentication or another method with equivalent protection for any individual accessing customer information.
To read more about the changes and who is affected, please see our FORsights™ article, “How Recent Changes in the GLBA Affect Higher Education.”
As always, continued diligence is recommended to strengthen your organization’s overall information security and further combat cyber-related attacks. While compliance deadlines are being extended, attackers are acting now. If you have questions or would like more information, please reach out to a professional at FORVIS or submit the Contact Us form below.