The FTC’s Final Rule to amend the Standards for Safeguarding Customer Information has been published in the Federal Register. The effective date for the rule is January 10, 2022.
This means that, starting January 10, 2022, organizations will begin to be required to implement the provisions of the FTC Safeguards Rule.
As part of this Final Rule, the deadline for complying with the provisions that organizations were originally given 6 months to meet has been extended to one year. This means that the following requirements in the Rule will need to be met by December 9, 2022:
– 314.4(a) the appointment of a Qualified Individual
– 314.4(b)(1) conducting a written risk assessment
– 314.4(c)(1) through (8) setting forth the new elements of the information security program
– 314.4(d)(2) requiring continuous monitoring or an annual penetration test
– 314.4(e) requiring training for personnel
– 314.4(f)(3) requiring periodic assessment of service providers
– 314.4(h) requiring a written incident response plan
– 314.4(i) requiring an annual written report from the Qualified Individual.
This encompasses all major requirements of the rule, meaning that organizations now have one year to build their compliance program, implement any new technologies, and hire a Qualified Individual.
If your organization needs assistance complying with the FTC Safeguards Rule, please reach out to Kate Upton or Michael Hammond here at OCD-Tech. OCD-Tech has a tailored program to help organizations meet each requirement and can fit this program to each organization’s unique needs.