A Reminder: Deadline for FTC Safeguard Rules is June 9
Written risk assessment and encryption of sensitive information are among data security provisions due next month.
By Rick Cox
For certain provisions of the updated Safeguards Rule, the Federal Trade Commission extended the compliance deadline by six months – to June 9, 2023 – in response to reports of personnel shortages and supply chain issues, mostly due to COVID-19. The original deadline to implement these changes was December 9, 2022.
The provisions included in the extension are:
- Designate a qualified person to oversee your institution’s information security program.
- Develop a written risk assessment.
- Limit and monitor who can access sensitive customer information.
- Encrypt all sensitive information.
- Train security personnel.
- Develop an incident response plan.
- Periodically assess the security practices of service providers.
- Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.
Financial aid teams can read the notice here.
Federal Student Aid has developed two new factsheets for Institutes of Higher Education. To learn how to establish a cybersecurity incident response plan (IRP) – or to strengthen your institution’s IRP – check out FSA’s Cybersecurity Incident Planning for Institutes of Higher Education factsheet.
FSA’s new Media Sanitization and Disposal Best Practices factsheet details how to properly destroy media, such as mobile devices, computers and USB drives, to protect confidential data and proprietary information.
Rick Cox is Global’s Executive Director of Regulatory Affairs and Compliance.