Get Ready for the FTC Safeguards Rule
Until FTC Safeguards Rule Compliance Deadline
Your Cybersecurity Plan Starts Here
Who is Impacted by the FTC Safeguards Rule?
Any entities that engage in significant financial activities need to comply with the FTC Safeguards Rule. This requires non-banking financial institutions, such as mortgage brokers, financial advisors, and auto dealerships just to name a few. Businesses with less than 5,000 customer records are exempt from certain requirements, but nonetheless still need to follow certain provisions of the rule.
View the FTC’s guidelines for more information on whether your organization falls under the FTC Safeguards Rule.
Become Defensible With the FTC Safeguards Rule
Develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. Your information security program must be written and it must be appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information at issue.
To learn about the specific actions you must take, download our FTC Overview Infographic.
Can you answer "Yes" to all the questions below?
If not, let the security experts at TPx help your organization be more prepared and secure. Get in touch with our experts using the form below.
- Has your organization designated a qualified individual to supervise information security efforts?
- Has your organization conducted a risk assessment in the last two years?
- Are your current data inventory efforts (storage, backup, etc.) designed to keep an accurate and consistent list of company data?
- Is multifactor authentication (or two-factor authentication) required for all systems?
- Is your staff trained on information security awareness in a continuous manner (multiple times a month, every month)?
- Does your organization currently have a documented and defined Incident Response Plan?
- Are your current service providers monitored to ensure security expectations are met?
- Is your organization disposing of customer information no later than two years after its most recent use?
Trusted Cybersecurity Services for Every Business

FTC Safeguards Rule Compliance Guide
As security threats continue to evolve and become much more sophisticated, businesses need to ensure their data and environment is secure. The Safeguards Rule helps do just that.

How TPx Can Help
TPx can help create, maintain, and own your security program per the FTC Safeguards requirements. We have different solutions depending on the individual needs of each business.
Prepare your Business for the Safeguards Rule
Do you have any questions about the new FTC definitions and their effect on your business? Schedule a free consultation with our security experts. We can answer any of your questions and help you become defensible for the Safeguards Rule.
"*" indicates required fields
Call Now to Speak to a Security Expert
Chat with our Cybersecurity Experts
Calculate your Cybersecurity Risk
FTC Safeguards Rule FAQ
The Safeguards Rule requires any institutions engaged in significant financial activities to have measures in place to keep customer information secure.
The Safeguards Rule requires all non-banking financial institutions to comply. However, the definition of “financial institution” can be confusing as it encompasses any businesses, regardless of size, that are “significantly engaged” in providing financial products or services. This includes, check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, and courier services.
According to the Code of Federal Regulations, § 314.2(h), if your institution is engaged in significant financial activities, the FTC requirements apply to your business and compliance is required by June 9, 2023.
View the FTC’s guidelines for more information on whether your organization falls under the FTC Safeguards Rule.
The Safeguards Rule requires companies to develop a written information security plan that describes their program to protect customer information. The plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.
The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operation, including three areas that are particularly important to information security: Employee Management and Training; Information Systems; and Detecting and Managing System Failures.
The new deadline is June 9, 2023. After this deadline, companies can face hefty penalties for non-compliance.