FTC Safeguards Deadline Extended to June 2023

For certain provisions of the updated Safeguards Rule, the Federal Trade Commission has extended the compliance deadline by six months – to June 9, 2023 – in response to reports of personnel shortages and supply chain issues, mostly due to COVID-19. The original deadline to implement these changes was December 9, 2022. The provisions included in the extension are:

• Designate a qualified person to oversee the information security program
• Develop a written risk assessment
• Limit and monitor who can access sensitive customer information
• Encrypt all sensitive information
• Train security personnel
• Develop an incident response plan
• Periodically assess the security practices of service providers and
• Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.

You can read the notice here.