Last week, the Federal Trade Commission (FTC) announced that it is seeking comments on proposed amendments to rules dealing with privacy and security of consumer information held by financial institutions. The two rules in question are the Safeguards Rule, which relates to information security programs, and the Privacy Rule, which relates to how the information is used.

Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, states:

We are proposing to amend our data security rules for financial institutions to better protect consumers and provide more certainty for business. While our original groundbreaking Safeguards Rule from 2003 has served consumers well, the proposed changes are informed by the FTC’s almost 20 years of enforcement experience. It also shows that, where we have rulemaking authority, we will exercise it as necessary to keep up with marketplace trends and respond to technological developments.

The proposed changes to the Safeguards Rule would “require financial institutions to encrypt all customer data, to implement access controls to prevent unauthorized users from accessing customer information, and to use multifactor authentication to access customer data.”

The proposed changes to the Privacy Rule would bring it in line to give examples of only the entities that the FTC has rulemaking authority over. Specifically addressed here are motor vehicle dealers.

The comments will be due within 60 days of publication of the proposed changes in the Federal Register, which has yet to occur.


insideARM Perspective

Data security and privacy are important issues in 2019. The 2017 Equifax security breach caused a lot of concern regarding data security, specifically in the financial sector. On the privacy front, all eyes are on California as its implementation of the new Consumer Privacy Act continues to unfold. It is speculated that consumer privacy issues will spread throughout the country. Some states, including New York, Utah, Washington, and North Dakota, have already begun exploring their own privacy laws. Sounds like this is just the tip of the iceberg, folks.

Next Article: iA Video Series: The Power of Connection ...