The GLB Safeguards Rule, which took effect in 2003, requires financial institutions to develop and maintain security programs for handling customer information.
The FTC has invited comments on:
- the need for the Rule and any suggested modifications;
- whether the Rule should be expanded to cover additional entities whose activities are significantly intertwined with financial affairs;
- the economic costs and benefits of the Rule;
- conflicts or overlap between the Rule and other laws or regulations;
- evidence on the degree and costs of compliance;
- the requirement for a breach response plan;
- incorporation of the NIST Cybersecurity Framework or the Payment Card Industry Data Security Standards;
- the impact of the Rule on technological or economic innovation.
All affected persons, particularly financial institutions, should take the opportunity to communicate their concerns to the FTC.
Comments should be submitted via an online form on the FTC website. They can also be mailed to: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue, N.W., Suite CC-5610 (Annex B), Washington, D.C. 20580. The deadline for submissions is November 7, 2016.
| © Poyner Spruill LLP. All rights reserved.