The purpose of the Federal Trade Commission is to set standards for safeguarding customer information. The FTC’s Safeguards Rule originally took effect in 2003 but was revised in 2021 to ensure that the policy keeps pace with modern technology.
The amended rule offers in-depth guidance for a specific class of financial institutions, like mortgage companies, creditors, mortgage brokers, and debt collectors, and reflects core data security protocols that all organizations under the FTC’s jurisdiction must implement.
The FTC had imposed an initial deadline of December 9th, 2022, but has now revised it to take effect June 9th, 2023. There is a $45,000 penalty for violating the new regulations. Financial institutions like banks and federal credit unions, however, are not impacted by the Safeguards Rule.
At TEC Services Group, we understand the revision may be shocking news for non-banking financial institutions that are subject to the FTC Safeguards Rule for the first time. So, what does this mean for collections agencies and their IT infrastructure?
What the FTC Safeguards Rule requires organizations to do.
The regulator outlines three standards that the IT program of every applicable financial institution, including collection agencies, must meet: ensure the security and confidentiality of customer data, protect customer data against hazards and threats, and prevent unauthorized access to that information.
The Safeguards Rule also outlines nine requirements for compliance. In order for an organization to be compliant, it must:
- Assign a qualified individual to implement and supervise an organization’s IT security program.
- Conduct a risk assessment to identify any vulnerabilities that may compromise security and/or confidentiality of customer data.
- Design and implement solutions to mitigate any risks identified through a risk assessment, including data encryption, multi-factor authentication, secure data disposal, and access control.
- Routinely monitor and test the strength of your security protocols.
- Train staff to cut out all human vulnerabilities in your security programs.
- Monitor service providers to ensure they meet company security standards.
- Keep your information security program updated.
- Create a documented incident response plan.
- Have the organization’s qualified individual report to its board of directors.
How the FTC Safeguards Rule affects collections agencies.
The core of the rule’s impact is this: specific financial institutions, such as collection agencies, must adhere to new standards of cybersecurity solutions. The new IT amendments have multiple new requirements, namely policies, updated reports and documentation, and in-depth technical and training requirements.
Collections agencies under the FTC should get into compliance as fast as possible before the deadline approaches. While the updated FTC Safeguards Rule demands a lot from your organization for compliance, it’s for the benefit of your organization and your customers.
Amidst an ever-growing spike in security threats, everybody must do their part in managing risks. Does your organization need help meeting compliance standards? TEC Services Group is here to assist you.