February 9, 2023

Volume XIII, Number 40

Advertisement

February 08, 2023

Subscribe to Latest Legal News and Analysis

February 07, 2023

Subscribe to Latest Legal News and Analysis

February 06, 2023

Subscribe to Latest Legal News and Analysis

FTC Adopts New Requirements to Strengthen Financial Data Security

The FTC adopted additional amendments to its Standards for Safeguarding Customer Information (the "Safeguards Rule") to strengthen the data security measures that financial institutions must implement to protect consumer financial data. The amendments include:

  • imposing additional requirements for an information security program, including access controls, encryption, and authentication protocols; and

  • increasing the potential for individual liability for breaches at financial institutions by (i) designating a single individual chief information security officer responsible for the security program and (ii) requiring periodic reports by that individual to the firm's directors.

Amendments made to FTC Rule 314.4 ("Elements") will go into effect one year after publication in the Federal Register; certain other amendments will go into effect 30 days after their publication in the Federal Register.

FTC Commissioners Noah Joshua Phillips and Christine S. Wilson dissented, stating that the amendments are "wholly unsupported by record evidence of prevalent failures at the senior managerial level." Mr. Phillips and Ms. Wilson also argued that the amendments (i) were premature, (ii) reduce flexibility and (iii) impose substantially increased costs that will be difficult for smaller firms to bear.

FTC Chair Lina M. Khan and FTC Commissioner Rebecca Kelly Slaughter supported the amendments pointing to the Equifax breach as well as to "the recent history of major data breaches," in support of their positions.

The FTC also requested comment on a proposal to further amend the Safeguards Rule by requiring financial institutions to report to the FTC a security breach that could affect the information of at least 1,000 consumers. Comments to that proposal must be submitted within 60 days of its publication in the Federal Register.

© Copyright 2023 Cadwalader, Wickersham & Taft LLPNational Law Review, Volume XI, Number 301
Advertisement
Advertisement
Advertisement

About this Author

At Cadwalader, Wickersham & Taft LLP, we put over 225 years of legal experience and innovation to work for you today. As one of the world's most prominent financial services law firms, we have long-standing client relationships with premier financial institutions, funds, Fortune 500 companies and other leading corporations, and individual private clients. We have earned a reputation for crafting innovative business and financial solutions and developing precedent-setting legal strategies to achieve our clients' goals. The result is simple: We stand out from...

212-504-6000
Advertisement
Advertisement
Advertisement