FTC Safeguards Deadline Extended to June 2023

For certain provisions of the updated Safeguards Rule, the Federal Trade Commission has extended the compliance deadline by six months – to June 9, 2023 – in response to reports of personnel shortages and supply chain issues, mostly due to COVID-19. The original deadline to implement these changes was December 9, 2022. The provisions included in the extension are:

  • Designate a qualified person to oversee the information security program
  • Develop a written risk assessment
  • Limit and monitor who can access sensitive customer information
  • Encrypt all sensitive information
  • Train security personnel
  • Develop an incident response plan
  • Periodically assess the security practices of service providers and
  • Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.

You can read the notice here.