Data Encryption Software for FTC Safeguard Rule

What is the FTC Safeguards Rule?

According to the Federal Trade Commission (FTC), The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.

The FTC Safeguards Rule outlines encryption as a way to strengthen the security of customer data. Rule 314.4 (c) (3) states: "In order to develop, implement, and maintain your information security program, you shall... Protect by encryption all customer information held or transmitted by you both in transit over external networks and at rest."

Laptop displaying Virtru’s data encryption options for emails

Two men sitting across each other shaking hands

Who Does the FTC Safeguards Rule Apply to?

The Safeguards Rule applies to "financial institutions” over which the Commission has rulemaking authority pursuant to section 501(b) of the Gramm-Leach-Bliley Act.

View the FTC's guidelines for more information on whether your organization falls under the FTC Safeguards Rule.

Auto Dealerships

Auto dealerships manage sensitive consumer financial data related to vehicle purchases and loans. Auto dealerships need to securely collect and manage this financial data, whether via email or secure file-sharing platforms.

Read our blog to learn more about what FTC amendments apply to auto dealerships and how to apply data encryption to meet those requirements.

Mortgage Lenders

The mortgage application process includes the collection of a wide range of sensitive consumer data. Mortgage lenders should leverage encrypted file transfer solutions to securely collect and share sensitive data with loan applicants.

Financial Advisors and Tax Preparation Firms

Trusted financial advisors should respect client data by securing their sensitive financial information. As advisors increasingly use cloud-based services and email to communicate with clients, it's essential to protect consumer data with encryption.

Other Industries

The FTC highlights additional organizations that may fall under the Safeguard Rule, including travel agencies, check cashiers, wire transferors, collection agencies, and more.

Deploy Virtru to Meet Encryption Standards Under the FTC Safeguards Rule

Virtru’s Zero Trust security solutions help financial services companies ensure compliance by safeguarding their customers’ data with end-to-end encryption, everywhere that data moves.

Virtru’s data and file encryption options for Google and Microsoft applications

Encrypt Emails and Files in Google Workspace and Microsoft 365

Email represents a massive surface area of risk, especially when sensitive data is shared over email. Virtru’s email encryption layers into the applications your employees already use, so they don’t have to change their workflows to protect sensitive data.

View Products

Securely Collect Financial Information with Secure Share

Sending sensitive documents over email is not always a viable option. Instead, a file-sharing solution with complete data privacy controls is required. Secure Share enables you to securely send and receive files of nearly any size with individuals inside and outside your organization.

Discover Secure Share

Graphic that shows how Virtru allows you to control access to data shared externally and possessed internally

Apply Zero Trust Controls to Data Inside and Outside Your Organization

Need to protect data moving across custom-built apps or even edge devices? Join the more than 7,000 customers who have already partnered with Virtru to execute a Zero Trust strategy that moves safeguards your customers' data, anywhere it moves.

View Virtru's Data Protection Platform

Automate Encryption for SaaS Apps like Salesforce and Zendesk

Sensitive data flows throughout your organization. Safeguard that information by putting Virtru’s data protection gateway in place to automatically encrypt and decrypt data moving in and out of apps like Salesforce, Zendesk, and others.

Unlock Security in SaaS Apps

Virtru’s supported workflows for SaaS applications

Virtru Supports PCI, GLBA, CFPB, and FINRA Compliance

Secure Cardholder Data for PCI Compliance

For those who accept or process payment cards, Payment Card Industry (PCI) data security standards apply to you, and those include protecting stored cardholder data as well as encrypting the transmission of cardholder data across open, public networks. It also requires maintaining a policy that addresses information security for employees and contractors.

Data Encryption for GLBA Compliance

The Gramm-Leach-Bliley Act requires financial institutions (including insurance providers) to safeguard customer information by developing, implementing, and maintaining a comprehensive information security program, one element of which is to “protect by encryption all customer information held or transmitted by you both in transit over external networks and at rest,” wherever feasible.

Ensure Confidentiality of Sensitive Information for FINRA Compliance

Largely aligned with the National Institute of Standards and Technology (NIST) recommendations for cybersecurity, FINRA evaluates firms’ cybersecurity and risk management processes to ensure customer data is protected. According to FINRA, it “assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.”

Preserve Consumer Privacy for CFPB Compliance

The Consumer Financial Protection Bureau underscores the need to comply with GLBA, particularly as it relates to transparently communicating privacy practices to consumers.