FTC Updates Safeguards Rule

FTC Updates Safeguards Rule

The United States Federal Trade Commission (FTC) has tightened the security standards that financial institutions must comply with when handling consumer data.

Financial institutions will be required to explain their information-sharing practices and designate a single qualified individual to oversee their information security program.

The change is part of an update to the FTC’s Safeguards Rule that was announced in a joint statement by FTC Chair Lina M. Khan and Commissioner Rebecca Kelly Slaughter.

Five main modifications to the existing Standards for Safeguarding Customer Information were contained in a Final Rule issued by the commission.

The first adds provisions designed to provide covered financial institutions with more guidance on developing and implementing specific aspects of an overall information security program. It specifies safeguards, including access controls and encryption, and adds mechanisms designed to ensure that employee training and oversight are effective. 

It states that “while the current Rule requires financial institutions to undertake a risk assessment and develop and implement safeguards to address the identified risks, the Final Rule sets forth specific criteria for what the risk assessment must include and requires that the risk assessment be set forth in writing. 

“As to

Read More: https://www.infosecurity-magazine.com/news/ftc-updates-safeguards-rule/