The FTC has announced additional time for financial institutions to comply with new Safeguards Rule changes.  In response to personnel shortages and supply chain issues, the new deadline is June 9, 2023:

What provisions are included in the six-month extension?  Consult the Federal Register Notice for details, but the extension applies to provisions in the revised Rule that require covered companies to:

    • designate a qualified person to oversee their information security program,

    • develop a written risk assessment,

    • limit and monitor who can access sensitive customer information,

    • encrypt all sensitive information,

    • train security personnel,

    • develop an incident response plan,

    • periodically assess the security practices of service providers, and

    • implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.