The publication, entitled "Financial Institutions and Customer Data: Complying with the Safeguards Rule," emphasises that strong information security practices are not only required by law, but also make good business sense. According to the guidelines, institutions that demonstrate a high level of protection against identity theft and fraud "will garner consumer confidence."
The guidelines also advise companies to consider all areas of their operation when implementing the Rule, including employee training and information systems. It is also suggested that companies should check the references of employees that could have access to customer information, and ask these employees to sign confidentiality agreements.
The Safeguards Rule applies to businesses in the US, regardless of size, that are "significantly engaged" in providing financial products or services to consumers, including non-bank lenders, mortgage brokers, credit agencies, tax professionals and courier services.
Such institutions are obliged to submit a written information security plan that describes the specific ways their employees should protect consumer information. They are also responsible to ensure that their affiliates and service providers safeguard customer information in their care.
The FTC publication is available at:
www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm
The Safeguard Rule is available at:
www.ftc.gov/privacy/glbact/
Additional FTC guidance on information security can be found at:
www.ftc.gov/bcp/conline/edcams/infosecurity