January 26, 2022

Volume XII, Number 26

Advertisement
Advertisement

January 26, 2022

Subscribe to Latest Legal News and Analysis

January 25, 2022

Subscribe to Latest Legal News and Analysis

January 24, 2022

Subscribe to Latest Legal News and Analysis

FTC Adopts New Requirements to Strengthen Financial Data Security

The FTC adopted additional amendments to its Standards for Safeguarding Customer Information (the "Safeguards Rule") to strengthen the data security measures that financial institutions must implement to protect consumer financial data. The amendments include:

  • imposing additional requirements for an information security program, including access controls, encryption, and authentication protocols; and

  • increasing the potential for individual liability for breaches at financial institutions by (i) designating a single individual chief information security officer responsible for the security program and (ii) requiring periodic reports by that individual to the firm's directors.

Amendments made to FTC Rule 314.4 ("Elements") will go into effect one year after publication in the Federal Register; certain other amendments will go into effect 30 days after their publication in the Federal Register.

FTC Commissioners Noah Joshua Phillips and Christine S. Wilson dissented, stating that the amendments are "wholly unsupported by record evidence of prevalent failures at the senior managerial level." Mr. Phillips and Ms. Wilson also argued that the amendments (i) were premature, (ii) reduce flexibility and (iii) impose substantially increased costs that will be difficult for smaller firms to bear.

FTC Chair Lina M. Khan and FTC Commissioner Rebecca Kelly Slaughter supported the amendments pointing to the Equifax breach as well as to "the recent history of major data breaches," in support of their positions.

The FTC also requested comment on a proposal to further amend the Safeguards Rule by requiring financial institutions to report to the FTC a security breach that could affect the information of at least 1,000 consumers. Comments to that proposal must be submitted within 60 days of its publication in the Federal Register.

© Copyright 2022 Cadwalader, Wickersham & Taft LLPNational Law Review, Volume XI, Number 301
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Steven Lofchie, Cadwalader, financial services regulation attorney, derivatives market lawyer
Partner

Steven Lofchie, a partner in the Financial Services Group, concentrates his practice in advising financial institutions on regulatory issues and on derivatives and other financial instruments. He is consistently recognized in the United States by Chambers USA, Legal 500, and IFLR 1000 in the areas of financial services regulation and derivatives. The Best Lawyers in America also selected Steven as one of the nation's leading lawyers in several areas including: Administrative/Regulatory, Derivatives and Futures, Securities/Capital Markets, and...

212 504 6700
Advertisement
Advertisement
Advertisement