The Federal Trade Commission (“FTC”) announced on November 15th that it is extending the deadline for the revised Safeguards Rule (“Rule”) by six months. The extension applies only to some of the Rule’s requirements, which will now take effect on June 9, 2023.

The provisions that have been extended include the following requirements:

  • Designating a qualified individual to oversee the information security program
  • Completing written risk assessments
  • Monitoring the access and use of sensitive customer information
  • Penetration testing & vulnerability scanning
  • Encrypting systems containing customer information
  • Training employees on security awareness
  • Vendor & Service Provider risk assessments
  • Implementing MFA on all systems containing customer information
  • Completing a device and systems inventory


Notably, the provisions that are NOT delayed include the following:

  • Implementing a written Information Security Program (ISP)
  • Getting your vendors who collect customer information (“Service Providers”) to sign a contract promising to implement reasonable safeguards
  • Implementing a system capable of detecting attacks and intrusions on your network

Dealers are strongly encouraged to continue in their efforts to expeditiously comply with all the new requirements of the Rule to achieve full compliance by the new deadline.

If you’re feeling behind, or need any help whatsoever achieving compliance, please contact [email protected]. ComplyAuto is an Endorsed Partner of FADA because it is a true “one-stop-shop” helping dealers with the technical requirements listed above, such as intrusion and attack detection (EDR/MDR), multi-factor authentication (MFA), device encryption, and monitoring use of sensitive customer information (DLP).