The Federal Trade Commission today announced it is extending, by six months, the deadline for companies to comply with some of the amendments to the FTC’s Safeguards Rule. Earlier this year, NADA submitted comments to the FTC seeking an extension of the deadline. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.
The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions such as:
- designating a qualified individual to oversee the information security program,
- developing a written risk assessment,
- limiting and monitoring who can access sensitive customer information,
- encrypting all sensitive information,
- training security personnel,
- developing an incident response plan,
- periodically assessing the security practices of service providers, and
- implementing multi-factor authentication or another method with equivalent protection for any individual accessing customer information.
Dealers are encouraged to continue in their efforts to expeditiously comply with all the new requirements of the Rule but should consult with their attorneys, service providers and IT professionals about the potential impact of this deadline extension.