E Point Perfect
Law \ Legal

FTC extends deadline for updated Safeguards Rule by six months


On November 15, 2022, the FTC announced that it was extending by six months the deadline for companies to comply with some portions of the updated Safeguards Rule. The extension comes as a welcome relief to companies racing to meet the rapidly nearing effective date.

The FTC approved changes to the longstanding Safeguards Rule in October 2021.  The updated rule includes several components that could require significant operational modifications, such as encryption at rest and multifactor authentication whenever nonpublic personal information is accessed.  While some components went into effect 30 days after publication, the most substantive changes were set to go into effect on December 9, 2022. 

The FTC voted unanimously to extend that December 9 date to June 9, 2023.  Accordingly, subject companies will have an additional six months to:

  • Designate a qualified individual to oversee their information security program;
  • Develop a written risk assessment;
  • Limit and monitor who can access customer information;
  • Encrypt information in transit and at rest;
  • Train security personnel;
  • Develop a written incident response plan; and
  • Implement multifactor authentication whenever anyone accesses customer information.

While the new deadline certainly provides breathing rom, companies should not take it as an opportunity to delay.  Indeed, between the holidays and state law compliance initiatives, the new deadline will also soon be rapidly approaching. 


Source link

Related posts

University research advances food safety with faster Listeria test and Norovirus vaccine

PSR sets out plans to help UK retailers get better deals for card-acquiring services

California AB 1041 Expands Workers’ CFRA Leave Rights


Converting contacts into clients – LexBlog

Another Chocolate False Ad Lawsuit Dismissed