FTC Extends Compliance Deadline for New Safeguards Rule

The Federal Trade Commission today announced it is extending by six months the deadline for companies to comply with some of the amendments to the FTC’s Safeguards Rule. Earlier this year, NADA submitted comments to the FTC seeking an extension of the deadline. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.

The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:

  • designate a qualified individual to oversee their information security program,
  • develop a written risk assessment,
  • limit and monitor who can access sensitive customer information,
  • encrypt all sensitive information,
  • train security personnel,
  • develop an incident response plan,
  • periodically assess the security practices of service providers, and
  • implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.

Dealers are encouraged to continue in their efforts to expeditiously comply will all the new requirements of the Rule but should consult with their attorneys, service providers and IT professionals about the potential impact of this deadline extension.

For more information on the FTC Safeguards Rule, click here.

Download Bulletin PDF