cybersecurity exemptions for orgs with less than 5,000 clients

you may be off the hook, but not out of the woods.

by donny shimamoto

management consulting company aon described an exemption for some of the ftc requirements for firms that handle the personal identifiable information (pii) of less than 5,000 consumers.[i]

the safeguards rule provides an exception from certain requirements if the covered financial institution maintains customer information concerning fewer than 5,000 consumers. a consumer is defined in section 314.2(b)(1) of the safeguards rule as “an individual who obtains or has obtained a financial product or service from the financial institution that is used primarily for personal, family, or household purposes, or that individual’s legal representative.”

more:  how hacker-proof is your firm? | unleashing the power of technology: transforming accountants into trusted advisors | future firm growth requires a mindshift | ai, ocr, nlp & cpas: oh my!   |  accounting nerds, unlock your super powers  | early adopters gain an edge in audit | dustin wheeler: for serious cas success, hire tech teams | csr for cpas: the missing ingredient | donny shimamoto explains how ‘agile’ applies to cpa firmsstaff retention for remote workers | why the future is in risk advisory |  ready for non-cpa “cpa” firms?
goprocpa.com exclusively for pro members. log in here or 2022世界杯足球排名 today.

essentially if you handle less than 5,000 social security numbers, then it would appear that you can take advantage of this exemption. aon went on to report that if you fall under this exemption, then you do not need to address the following requirements: