Hello PMC Peers! – In addition to carrying an entrepreneurial, investor, BYOB-focused life and looking forward to learning from and working with everyone here, I am an Executive Cybersecurity professional as well. I wanted to say that if anyone needs help or wants to have a conversation about how the new FTC Safeguards Rule deadline might be a concern or requirement for PMC members' activities, I am here to talk. I want to bring something to the group in return for all the great support I have already gotten from Chris and the team.
The Rule applies to financial institutions subject to the FTC's jurisdiction that are not subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805.
An entity is a "financial institution" if it is engaged in an activity that is "financial in nature" or is "incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. § 1843(k)."
Entities the Rule now applies to, by the FTC's definition, include:
Mortgage Brokers | Mortgage Lenders
Payday Lenders | Wire Transferors | Check Cashers
E-Commerce | List Developers
Automotive Dealerships (To include Used Car Resale Dealerships)
Personal Property Appraiser | Real Estate Appraiser
A retailer that extends credit by issuing its own credit card
The U.S. Federal Trade Commission (FTC) regulation known as the Safeguards Rule requires non-banking financial institutions to develop, deploy, and maintain a comprehensive security program to keep customer financial data safe.
The Rule requires financial institutions to implement a written information security program: a set of policies, procedures, and guidelines that an organization uses to protect its customer information.
The program must include plans for managing access to data, detecting and responding to security incidents, security awareness training, and risk management. In addition, it must set forth the roles and responsibilities of the security team.
DESIGNATE A QUALIFIED INDIVIDUAL
Responsible for designing, maintaining, and enforcing the information security policies and compliance requirements of the FTC Safeguards Rule
The Safeguards Rule mandates that a "Qualified Individual" oversee the information security program and its reporting, but offers no hard definition of who a Qualified Individual is. There are no defined experience, degree, or accreditation requirements. This was done to provide flexibility, but it will lead to confusion for business owners.
The attached PowerPoint is an ongoing public speaking deck I use for Rotary clubs, civic groups, and business groups to educate their memberships.