January 18, 2022

Volume XII, Number 18


Non-Banking Institutions Will Want to Review Security Measures in Light of Update to Safeguards Rule

The FTC recently announced a final rule updating its GLBA Safeguards Rule to “strengthen the data security safeguards” of consumer financial information. The FTC reported that it was making these changes in response to widespread data breaches and cyberattacks. As we reported in our sister blog, the changes will mean that a broad range of non-banking financial institutions may need to make updates to their data security policies and procedures. The new requirements go into effect in November 2022.

The final rule adds specificity to the existing rule’s requirements around data security measures. The update specifies several measures entities need to have in place. These include access controls, authentication and encryption as part of the organization’s overall information security program. It also requires them to have a single qualified individual to oversee their information security program. The update also adds requirements to make periodic reports to boards of directors, to have a written risk assessment and incident response plan, and to conduct periodic assessments of service providers.

The update also expands the definition of “financial institution” to include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities. This change brings “finders” (companies that bring together buyers and sellers of a product or service) within the scope of the Rule.

Putting It Into Practice: Covered non-banking financial institutions should review their current data security measures to ensure they address the new specifics outlined in the update to the Safeguards Rule. These include access authentication, a person in charge of security measures, and service provider assessments.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP. National Law Review, Volume XI, Number 308

About this Author

Moorari Shah Bankruptcy Lawyer Sheppard Mullin Law Firm
Partner

Moorari Shah is a partner in the Finance and Bankruptcy Practice Group in the firm's Los Angeles and San Francisco offices. 

Areas of Practice

Moorari combines deep in-house and law firm experience to deliver practical, business-minded legal advice. He represents banks, fintechs, mortgage companies, auto lenders, and other nonbank institutions in transactional, licensing, regulatory compliance, and government enforcement matters covering mergers and acquisitions, consumer and commercial lending, equipment finance and leasing, and supervisory examinations,...

213-617-4171
A.J. S. Dhaliwal Bankruptcy Attorney Sheppard Mullin Washington DC
Associate

A.J. is an associate in the Finance and Bankruptcy Practice Group in the firm's Washington, D.C. office. 

A.J. has over a decade of experience helping banks, non-bank financial institutions, and other companies providing financial products and services in a wide range of matters including government enforcement actions, civil litigation, regulatory examinations, and internal investigations.

With a diversified regulatory, compliance, and enforcement background, A.J. counsels financial institutions in matters involving...

202-747-2323
Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335