Guidance on Revised FTC Safeguards Rule

The FTC revised its Standards for Safeguarding Customer Information, also known as the Safeguards Rule, in December 2021. The Rule requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information.
The Rule defines customer information to mean “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”
Section 314.2(h) of the Rule lists 13 examples of the kinds of entities that are financial institutions under the Rule, including tax preparation firms, mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors and other financial advisors, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC.
The 2021 amendments to the Rule add a new example of a financial institution: finders. These are companies that bring together buyers and sellers and then the parties themselves negotiate and consummate the transaction.
A new publication, FTC Safeguards Rule: What Your Business Needs to Know, may help your company comply with the revised Safeguards Rule.
Get additional guidance from IRS Publication 4557, Safeguarding Taxpayer Data, and Checklist for Safeguarding Taxpayer Data.