US: FTC adopts updated Safeguards Rule and seeks comment on security event notification requirement
On October 27, 2021, the Federal Trade Commission (FTC) issued a final rule updating its information security rules for financial institutions’ protection of consumers’ financial information (the “Final Rule”). This is the first significant update to the FTC’s Safeguards Rule since it took effect in 2003. The Final Rule imposes a number of new specific information security requirements on financial institutions subject to the FTC’s jurisdiction.
Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), 15 USC 6801(b), requires the FTC and the federal functional financial regulators to adopt regulations to establish administrative, technical, and physical security safeguards at financial institutions to protect the security and confidentiality of consumers’ financial information. The FTC’s Safeguards Rule implements this GLBA requirement, with the FTC having Safeguards Rule jurisdiction over mortgage lenders, certain non-bank lenders, finance companies, mortgage brokers, account services, check cashers, wire transferors, collection agencies, credit and financial advisors, tax preparation firms, and investment
Read the article