FTC Calls for Comments on Safeguards Rule

Published On August 30, 2016 | By Marci Rozen | FTC & State AG
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

The FTC has issued a notice calling for comments on Standards for Safeguarding Customer Information, also known as the “Safeguards Rule.” The review of the Safeguards Rule, which took effect in 2003, is part of the FTC’s systemic, once-per-decade review of all FTC rules and guides.

As background, the Safeguards Rule implements Section 501(b) of the Gramm-Leach-Bliley Act, and requires financial institutions under the FTC’s jurisdiction to develop, implement, and maintain a comprehensive information security program for handling customer information (called “non-public information” or NPI).

The FTC seeks comment on a number of questions, including the economic impact and benefits of the Safeguards Rule; possible conflict between the Rule and state, local or other federal laws or regulations; and the effect on the Rule of any technological, economic or other industry changes. The comment period presents an excellent opportunity for financial institutions and their vendors to provide feedback to the FTC on what parts of the Safeguards Rule have worked or need to be revised in light of technology, economic, and legal changes over the past decade. Comments are due on November 7, 2016. If you would like to file comments, please contact the ZwillGen attorney with whom you work.

About The Author

Marci counsels companies on a wide variety of issues involving privacy, cybersecurity, and information law. She routinely helps companies evaluate and develop corporate privacy and information security programs, and provides advice on matters involving cross-border data transfers, insider threat prevention and detection, cloud computing, and electronic surveillance. Marci also assist clients in responding to data breaches, including issuing breach notifications required under state and federal breach notification laws, advising on remediation efforts, and handling litigation and enforcement actions arising from data security incidents.

Leave a Reply

Your email address will not be published. Required fields are marked *