FTC Safeguards: The HIPAA for Companies Handling Sensitive Financial Data

Regulations | February 5, 2023

Todd Crane


The Federal Trade Commission (FTC) Safeguards Rule is a crucial regulation that helps protect the privacy of financial data. Just as the Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of health data, the FTC Safeguards Rule ensures that companies handling sensitive financial data are taking the necessary steps to secure it. In this blog post, we’ll explore the updated FTC Safeguards Rule and the types of companies that fall under its jurisdiction.

The Original FTC Safeguards Rule

The FTC Safeguards Rule was first introduced in 1999 as part of the Gramm-Leach-Bliley Act (GLBA). The GLBA was enacted to regulate the financial services industry, and the Safeguards Rule was included to ensure that financial institutions adequately protected consumer data.

Under the original Safeguards Rule, financial institutions were required to develop, implement, and maintain a comprehensive information security program to protect the confidentiality and security of consumer data.

The Updated FTC Safeguards Rule

The updated FTC Safeguards Rule, which went into effect in January 2018, expands the scope of the original Safeguards Rule to cover all companies that collect, store, or use sensitive consumer data. This includes not only traditional financial institutions but also retailers, tech companies, and other businesses that handle sensitive financial information.

The updated Safeguards Rule requires that all companies:

  • Design and implement a comprehensive information security program to protect the confidentiality, integrity, and availability of sensitive consumer data.
  • Regularly monitor and test the security of their information systems.
  • Ensure that third-party service providers who handle sensitive consumer data are contractually obligated to implement and maintain reasonable information security measures.

Why the FTC Upgraded the Safeguards Rule

The FTC updated the Safeguards Rule to better align with the modern digital landscape and to better protect consumers from data breaches and privacy violations. With the increasing amount of sensitive financial data being collected, stored, and shared by companies, it’s essential that stronger safeguards are in place to prevent potential data breaches and to protect consumers.


The updated FTC Safeguards Rule is an essential step in protecting the privacy of financial data. By requiring companies handling sensitive financial information to implement comprehensive information security programs, regularly monitor and test their systems, and ensure that third-party service providers are adequately protecting sensitive consumer data, the Safeguards Rule helps to secure financial data and prevent potential data breaches. It is the HIPAA for companies handling sensitive financial data.

Gray Beard Cybersecurity

Gray Beard Cybersecurity is an award-winning cybersecurity firm and managed IT provider with offices in Nashville, TN, Plano, TX, and Tucson, AZ. They specialize in assessing and reducing cyber risk for small and mid-sized businesses. They can reduce complex technical problems and solutions down to the simplest of terms that any business owner can understand, regardless of technology literacy.
