Most companies don’t consider regulatory compliance and data security thrilling next-level adventures, and we have a hot take on that!

The original FTC Safeguards Rule first took effect in 2003 to ensure that financial institutions maintained a given set of safeguards to ensure the security of customer information – but the FTC recently issued new regulations to amend the Safeguards Rule, with significant modifications “kicking in” on June 9th that includes massive fines of up to $11,000 per day, per occurrence of a data breach. Here’s the Brain+Trust hot take: that’s fantastic news!

Your customers produce staggering amount of information between their phones, computers, smartwatches, cars, TVs, smart speakers, and more. By some estimates, a typical internet user can produce nearly 147 GB of data in a single day — and that incredible amount of data presents a significant challenge to organize, decipher, and safeguard … and if you get it right, the opportunity that data presents can be even bigger.

“Data isn’t just a resource—it’s the lifeblood of the operation,” writes Dirk Shaw on the Future Minded data blog. “With terabytes of information coursing through our digital veins, (companies) have the power to create hyper-personalized experiences and drive user engagement to unprecedented heights.”

Going a step further, Shaw writes that, “Data privacy isn’t just a necessary hurdle or a box to tick—it’s a valuable brand asset, a competitive differentiator in an age where trust is as valuable as gold.”

Shaw is spot-on here, and virtually every new facet of the June 2023 FTC Safeguards Rule amendment can be read with a different set of eyes. One that doesn’t just see scary regulatory teeth and the threat of looming liability, but a prescription for how companies can clean up their data and put it to work for them.

“There are provisions in the revised Safeguards Rule that require covered companies to do a number of things to ensure data privacy,” explains Tim Hayden, Brain+Trust CEO. “Things like designating a qualified person to oversee their data, implement multi-factor authentication or another method with equivalent protection for anyone accessing customer data, monitoring who can access that sensitive data, and, finally, preparing a written risk assessment for their data.”

Admittedly, that might seem easier said than done — but companies like Brain+Trust are working on ways to streamline the process, making it easy for companies to “get a handle on” their data risk.


Getting Organized

Using an advanced AI agent to map your digital assets, Brain+Trust guides your business through a thorough review of your technology investment, mapping the systems that are currently in place, identifying the vulnerability of those systems, and verifying both authentication and permissions using an approachable and intuitive dashboard that turns your company’s mountain of data into easily moveable stones.

The man who moved a mountain was the one who began carrying away small stones.
Chinese Proverb

The first step towards compliance with data privacy rules is to truly understand the systems you use, defined as your “digital assets.” Digital assets encompass the systems, applications, and technologies that enable businesses to collect, store, and process data. From customer information and financial records to intellectual property and trade secrets, these digital assets hold invaluable data that requires stringent protection.

Using an advanced AI agent to build a comprehensive inventory of your digital assets, including both internal systems and third-party services, Brain+Trust presents a clear picture of your company’s data ecosystem. From there, it’s possible to determine the type of data each asset handles, its sensitivity, and its criticality to your business operations, so you can intelligently consider potential risks associated with each asset, prioritizing your compliance efforts and allocating resources accordingly.

Next, assign clear responsibility to individuals or teams within your organization to verify the status of each data asset – establishing the foundation of a sound data privacy policy and setting the stage for a comprehensive systems audit, written risk assessment, and a pre-underwriting report to enable your company to secure the best possible cyber insurance coverage.

It all starts with getting organized.

“Getting data privacy right isn’t just about following the law; it’s about earning the trust of your customers and helping to build a genuine, human connection,” says Tim. “In today’s market, that’s priceless.”


The pre-underwriting dashboard.


Co-authored by Tim Hayden & Jo Borrás