Help Your Clients Achieve FTC Safeguards Compliance

Heads up! There are only a few weeks left to comply with the new FTC Safeguards Rule before the June 9, 2023, deadline.

  • April 27, 2023 | Author: Khali Henderson

You may have some clients that are newly affected by recent changes to the rule, so you can win points by helping them prepare for the big day. Here’s a quick primer.

What is the Standards for Safeguarding Customer Information Rule?
The Federal Trade Commission’s (FTC’s) Safeguarding Customer Information Rule, commonly called the “FTC Safeguards Rule,” extends customer information protection rules for banking institutions to other firms processing and storing financial services information. As its name suggests, the rule aims to strengthen the protection of customer information in the digital age. It defines customer information as “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic or other form, that is handled or maintained by or on behalf of you or your affiliates.”
 
Who does the FTC Safeguards Rule impact?
Firms storing financial customer information records are subject to the new standards. Most people associate the rule with financial services firms—e.g., insurance and investment companies—but it could apply to any business processing large volumes of credit applications. (Auto dealers are oft-cited examples.) 
 
What’s required to comply with the FTC Safeguards Rule?
A full breakdown of FTC Safeguards Rule compliance requirements is available here. For our purposes, we’ll rely on the FTC’s summary for creating a “reasonable information security program,” including:
  • Designating a “Qualified Individual” to implement and supervise the company’s information security program
  • Conducting a risk assessment
  • Designing and implementing safeguards to control the risks identified through the risk assessment
  • Regularly monitoring and testing the effectiveness of those safeguards
  • Training staff
  • Monitoring service providers
  • Keeping the program current
  • Creating a written incident response plan
  • Requiring the Qualified Individual to report to the company’s board of directors
Note: Firms storing fewer than 5,000 records are exempt from several requirements, as noted here.
 
How can you help your clients comply with the FTC Safeguards Rule?
1. Remind your clients - Make sure your clients are aware of the upcoming deadline. Although the first compliance deadline (for December of last year) was pushed out, all signs indicate the new deadline of June 9 will stick.
2. Identify unmet requirements - Offer to walk your clients through the Rule’s requirements to identify what’s in place, what’s on track to be in place by June 9, and what they still need help with to get in compliance on time.
3. Make a plan - Create an action plan for items your clients need to address. Identify which of them your clients will complete directly and which your MSSP will take on or help with, such as creating an incident response plan or arranging needed cybersecurity services. NOTE: Don’t be bashful about making recommendations as you plan — you’re a trusted security expert!
4. Get help from your vendor’s channel team - If you’re working with a vendor that’s committed to the channel, they should have resources available to help you with your clients. Lean on them for insight, planning support and, if necessary, product/service closing assistance.
5. Do your part to close the gaps - Execute on the pieces you’re responsible for and lean on your vendors for help when needed.
6. Revisit outstanding items until they’re completed - Check in with your clients weekly until all requirements are in place.
 
Demonstrate Your Value
It’s well worth your effort to make sure your clients are on track for the deadline. Revenue opportunities aside, moments like this allow your MSSP to demonstrate value and build deeper relationships. Helping your clients achieve compliance over these next two months can engender years of customer loyalty. Even clients that have already achieved compliance will appreciate you reaching out to ensure they’re on track. 
 
And if that’s not enough, do you really want to let your competitor walk in and hold their hand through the process? Didn’t think so. Roll those sleeves up and get out there to save the day.
 
