Understanding the New Safeguards Rule

Understanding the Federal Trade Commission's New Safeguards Rule

The Federal Trade Commission (FTC) recently announced a pivotal amendment to the Safeguards Rule, marking a significant shift in data security protocols for institutions. This new rule mandates all institutions to notify the FTC within 30 days of specific security events. The New Safeguards Rule represents a considerable advancement in the realm of data protection and cybersecurity compliance.

What is the New Safeguards Rule?

The new Safeguards Rule requires all institutions to notify the FTC within 30 days of certain security events. Specifically, these events involve breaches of unencrypted customer information that affect 500 or more customers. This amendment is not just a procedural update but a strategic move to bolster the security and integrity of customer data.

Detailed Notification Requirements

Under the new Safeguards Rule, institutions must provide comprehensive notifications, including the contact information of the reporting entity, a description of the compromised information, the date of the security event, the number of impacted customers, and an overall summary of the incident. This requirement ensures a transparent and prompt response to potential data security threats.

Effective Date and Compliance

It is required to adhere to the new Safeguards Rule within 180 days of its publication in the Federal Register. This compliance timeline emphasizes the urgency for organizations to update their incident response strategies.

Background of the Safeguards Rule

Originally published in 2021, the Safeguards Rule did not initially include these notification requirements. Introducing the new Safeguards Rule fills this gap, enabling the FTC to better monitor and respond to emerging data security threats, particularly those affecting financial institutions.

Best Practices for Compliance

It is important that our industry understands relevant security laws, knows where sensitive data is stored, defines breach communication responsibilities, prepares ahead with template messages, and seeks professional breach counsel. Partnering with a third-party company, like TEC Services Group, can help to bring your debt collection agency into compliance.

The new Safeguards Rule is a landmark development in data security, compelling institutions to adopt more stringent measures for protecting customer data. By understanding and implementing the requirements of this rule, organizations can significantly improve their cybersecurity posture, ensuring a safer digital environment for their customers and stakeholders. If your organization is not compliant, or if you need help navigating the ever-changing rules and regulations, contact us. We’re here to help you succeed.


Sedric is an innovative technology that is being deployed at the highest levels of our industry. When combined with leading omnichannel systems, Sedric can deliver real-time compliance management, voice analytics, and reporting on all forms of communication to guarantee your agency is doing everything possible to deliver amazing customer experiences.


Intelligent Contacts is one of the leading omnichannel solutions in the market today. By combining customer payment opportunities in line with your dialer and telephony platforms, they are changing the game when it comes to effective and efficient consumer engagement.


As a premier solution for enterprise organizations, C&R’s Debt Manager platform is designed to provide the most flexible and compliant solution on the market. Debt Manager is used by the world’s largest banks and governments, along with some of the ARM industry’s largest collection companies.


Latitude by Genesys is one of the leading technologies for mid-market and enterprise companies. With a long history in both first-party agency management and third-party collections, Latitude’s functionality is built for the end user. Administrative tasks become easy while remaining flexible for your changing business operations.

"*" indicates required fields

Contact Information



When are you typically available?


Currently in debt collections (or related) industry?
Collection System(s) that you've worked with and how long?
How long ago
Other Technical Skills
This field is for validation purposes and should be left unchanged.