Why FTC’s GLB Safeguards Rule update is noteworthy

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

On Oct. 27, the U.S. Federal Trade Commission adopted a new Gramm-Leach-Bliley Safeguards Rule. The revision imposes more detailed data security requirements than the original GLB rule promulgated in 2002. Strictly speaking, the rule only applies to financial institutions under the FTC’s jurisdiction. More broadly, however, the new rule signals that the commission will expect some very specific elements in the cybersecurity program of any entity collecting personal information.

First, as to coverage. Under GLB, the FTC has jurisdiction over a broad grab bag of entities not regulated by any other financial services regulator. These include mortgage lenders, “pay day� lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, travel agencies operated in connection with financial services, collection agencies, credit counselors and other financial advisors, tax preparation firms, retailers that extend credit by issuing their own credit cards directly to consumers, certain automobile dealerships, personal property or real estate appraisers, even career counselors who specialize in providing career counseling services to individuals

Read the article