ARTICLE
8 November 2021

Non-Banking Institutions Will Want To Review Security Measures In Light Of Update To Safeguards Rule

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
The FTC recently announced a final rule updating its GLBA Safeguards Rule to "strengthen the data security safeguards" of consumer financial information.
United States Technology
Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • within Cannabis & Hemp topic(s)

The FTC recently announced a final rule updating its GLBA Safeguards Rule to "strengthen the data security safeguards" of consumer financial information. The FTC reported that it was making these changes in response to widespread data breaches and cyberattacks.  As we reported in our sister blog, the changes will mean that a broad range of non-banking financial institutions may need to make updates to their data security policies and procedures. The new requirements go into effect in November 2022.

The final rule adds specificity to the existing rule's requirements around data security measures. The update specifies several measures entities need to have in place. This includes having access controls, authentication and encryption as part of the organization's overall information security program. It also requires them to have a single qualified individual to oversee their information security program. The update adds a requirement of periodic reports to boards of directors, having a written risk assessment and incident response plan, as well as conducting periodic assessments of service providers.

The update also expands the definition of "financial institution" to include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities. This change adds "finders"– companies that bring together buyers and sellers of a product or service – within the scope of the Rule.

Putting It Into Practice:  Covered non-banking financial institutions should review their current data security measures to ensure they address the new specifics outlined in the update to the Safeguards Rule. These include access authentication, a person in charge of security measures, and service provider assessments.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More