For certain provisions of the updated Safeguards Rule, the Federal Trade Commission has extended the compliance deadline by six months – to June 9, 2023 – in response to reports of personnel shortages and supply chain issues, mostly due to COVID-19. The original deadline to implement these changes was December 9, 2022. The provisions included in the extension are:
- Designate a qualified person to oversee the information security program
- Develop a written risk assessment
- Limit and monitor who can access sensitive customer information
- Encrypt all sensitive information
- Train security personnel
- Develop an incident response plan
- Periodically assess the security practices of service providers and
- Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.
You can read the notice here.