Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
May 10, 2023
Twenty years ago, the Federal Trade Commission (FTC) developed a set of five loose guidelines for securing personal data—specifically aimed at large financial institutions. With increased scrutiny for protecting personal data, the FTC modified the guidelines and published a more detailed list of privacy practices, titled, Standards for Safeguarding Customer Information (16 CFR Part 314) in December 2021. Along with more detailed requirements for securing personal data, the definition of “financial institution” was expanded to include many non-traditional businesses that now qualify as financial institutions.
The changed rules now impact a different set of organizations than the original rules targeted, including medium-sized businesses that are not traditionally considered financial institutions. There is an exclusion for small businesses that maintain fewer than five thousand customer records. One effect of the rule change is the imposition of privacy regulations on organizations that do not qualify for state-specific or international privacy rules. Because the FTC moved the start of enforcement out to June 2023, the scope of organizations that qualify for compliance continues to be refined.
The new rules target organizations that have not been perceived as financial institutions, yet they handle and store personal data collected during financial transactions. Under the new rules, the following types of organizations are expected to comply:
Some traditional financial institutions are exempt from these regulations:
Privacy regulations are constantly changing and impacting the way organizations secure their personal data. Remember: data privacy compliance is a journey, not a destination. For organizations that are new to privacy compliance, building a roadmap should be the first step in beginning the journey.
Steps to Maturity:
It is common for organizations that qualify for compliance with the Safeguards Rule to collect, process, and store personal data for years and become unaware of where personal data is kept. Understanding where the regulatory data is located should be one of the first steps toward compliance. Many data discovery tools are built to support large organizations, like banks and insurance companies, and come with a price tag that is beyond reach for smaller firms.
Data discovery tools have evolved over the past decade to pinpoint business need and scale. These tools can provide visibility across enterprise data storage--increasing the organization’s security posture and remaining within a reachable budget for medium-sized organizations.
If you have questions about the Safeguards requirements and how they might affect your organization, click here to learn more about our offerings or drop us a line.
Optiv Security: Secure greatness.®
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
April 10, 2023
Let Optiv get you up to speed on U.S. privacy legislation with Privacy Bracketology - a fun, accessible way to prepare for the changes ahead.
January 16, 2024
Organizations build trust around how they collect, use and share data by providing consumers with better transparency, choice and control.
April 14, 2023
Iowa becomes the sixth state to pass a modern consumer privacy law. Iowa’s privacy law, which goes into effect in 2025, offers consumers various....
Let us know what you need, and we will have an Optiv professional contact you shortly.