Webinar: Join us, Tues 5/24. Nightfall & Hanzo experts will discuss how machine learning can enhance data governance, data security, and the efficiency of legal investigations. Register now ⟶

Blog 2 min read

What is the FTC Safeguards Rule?

by Michael Osakwe Published Oct 06, 2022

The FTC Safeguards Rule, is a set of regulations promulgated by the Federal Trade Commission in order to protect the privacy of consumers’ personal information. The Rule requires financial institutions to develop, implement, and maintain a comprehensive information security program designed to safeguard customer information. 

The Safeguards Rule was first enacted in 2003, which required the FTC to issue regulations requiring financial institutions to develop and maintain safeguards to protect the confidentiality, integrity, and security of customer information. 

The Safeguards Rule applies to any company that holds or uses consumer financial information. This includes companies that are subject to GLBA, as well as companies that are not subject to GLBA but that hold or use consumer financial information in connection with providing a financial product or service.

Under the rule, financial institutions must take steps to secure customer information from unauthorized access, use, or disclosure. To do this, they must conduct a risk assessment and put in place physical, technical, and administrative safeguards appropriate to their size and complexity and the sensitivity of the customer information they hold. The rule also requires firms to train their employees on their information security program and practices.

Financial institutions must review their information security program periodically to ensure that it is effective in safeguarding customer information. They must also update their program in response to changes in their business or technology. 

Key Takeaways:

  • The FTC’s Safeguards Rule applies to all entities subject to the GLBA’s provisions mandating information security plans. These include banks, savings associations, credit unions, securities broker-dealers, insurance companies, and money services businesses.
  • Financial institutions must appoint someone to coordinate their information security program. They should develop reasonable policies and procedures to ensure that customer information is protected from unauthorized access or use. Financial institutions should train their employees on these procedures and take steps to detect and prevent attempted or unauthorized access or use of customer information. Financial institutions should also periodically test their security measures. Lastly, they should develop an understanding of service providers’ compliance with their obligations under any agreement or other arrangement they may have with a provider.
  • Financial institutions must take reasonable steps to verify that customer information is protected while in transit over public networks. They should also encrypt all confidential customer information in-transit. Lastly, they should have reasonable measures in place to prevent unauthorized electronic access to customer information that is stored on their systems.
  • Financial institutions must take reasonable steps to physically secure all areas where customer information is stored, such as employee offices and file cabinets. They should also have electronic access control systems in place throughout their technology stack, including in cloud tools.

Subscribe to our newsletter

Receive our latest content and updates

Nightfall logo icon

About Nightfall

Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack, Google Drive, GitHub, Confluence, Jira, and many more via our Developer Platform. You can schedule a demo with us below to see the Nightfall platform in action.


Schedule a Demo

Select a time that works for you below for 30 minutes. Once confirmed, you’ll receive a calendar invite with a Zoom link. If you don’t see a suitable time, please reach out to us via email at sales@nightfall.ai.

call to action

See Nightfall in action.

Schedule a demo