Support Centre

USA: FTC proposes amendments to financial institutions safeguards and privacy rules

The Federal Trade Commission ('FTC') announced, on 5 March 2019, that it is seeking comments on proposed amendments to the Standards for Safeguarding Customer Information ('the Safeguards Rule') and the Privacy of Consumer Financial Information Rule ('the Privacy Rule') under the Gramm-Leach-Bliley Act of 1999 ('GLBA'). The FTC's proposed changes to the Safeguards Rule include requiring financial institutions to encrypt customer data, to implement access controls to prevent unauthorised users from accessing customer information, and to use multi-factor authentication to access customer data. Additionally, the FTC proposed to expand the definition of financial institution in both rules to specifically include 'finders,' defining it as those who charge a fee to connect consumers to a lender when they are looking for a loan.

You can read the press release here.

UPDATE (22 May 2019)

FTC extends comment deadline on proposed changes to safeguards rule

The FTC announced, on 21 May 2019, that it had agreed to extend its deadline for comments on its proposed amendments to the Safeguards Rule until 2 August 2019. It further outlines that comments on the proposed changes to the Privacy Rule are due on 3 June 2019, the original comment deadline.

You can read the press release here.

UPDATE (2 August 2019)

CUNA sends letter to FTC on proposed changes to safeguards rule

The Credit Union National Association ('CUNA') sent, on 1 August 2019, a letter ('the Letter') to the FTC in support of the FTC's proposed changes to the Safeguards Rule, and as part of the FTC's call for comments on the same. In particular, the Letter outlines CUNA's support for, among other things, requirements that financial institutions establish an incident response plan under the Safeguards Rule, the broadening of the definition of financial institution to maximise consumer protection, and for the FTC to lead an effort to the U.S. Congress for the consideration of federal privacy legislation.

You can read the press release here and the Letter here.

UPDATE (7 August 2019)

ABA send letter to FTC on proposed changes to safeguards rule

The American Bankers Association ('ABA') announced, on 6 August 2019, that it had sent a letter ('the Letter') to the FTC, on 2 August 2019, alongside the Bank Policy Institute's Business Innovation Technology and Security division and the Securities Industry and Financial Markets Association, in response to the FTC's call for comments on its proposed changes to the Safeguards Rule. In particular, the Letter recommends, among other things, that the FTC harmonise the amendments to its Safeguards Rule with the Federal Financial Institutions Examination Council's Interagency Guidelines Establishing Information Security Standards, and map its amendments to the Financial Services Sector Coordinating Council Cybersecurity Profile to ensure that cybersecurity professionals remain focused on identifying, managing, and mitigating data security risks, rather than on revising policies and procedures to align with the FTC's amendments. In addition, the Letter highlights concerns that the FTC's amendments represent a substantial departure from the historical risk-based approach that the FTC and other regulators have taken with respect to implementing security requirements under the GLBA.

You can read the press release here and the Letter here.