Qualified Individual Reporting to Board (314.4(i))

The FTC's Safeguarding Customer Information rule (16 CFR § 314) obliges each covered entity to designate a qualified individual responsible for the security program and to report that person's name, qualifications and authority to the board of directors. Under § 314.4(i) the board must receive this information in writing and retain it for inspection. This ensures top-level oversight of the entity's data-protection efforts.