On April 4, 2019, the FTC published in the Federal Register separate notices of its proposed rulemaking and requests for public comment on amendments it intends to make to its Safeguards and Privacy Rules implementing the GLBA.
In general, the proposed amendments to the Safeguards Rules: (i) add provisions designed to provide financial institutions with more guidance on how to develop and implement a data security plan; and (ii) exempt businesses maintaining customer information concerning fewer than 5,000 consumers from certain of the rule’s requirements. The proposed amendments to the Privacy Rule would conform the rule to the GLBA, as amended by the Dodd-Frank Act and the FAST Act, by making various technical changes. Among other changes, the proposed amendments also would revise the definition of “financial institution” in both rules to bring the rules into accordance with the CFPB’s Regulation P (Privacy of Consumer Financial Information).
Written comments for each of the rules must be received on or before June 3, 2019.
For additional information, please also see WBK’s federal industry news article dated March 13, 2019, regarding the FTC’s prior announcement about the amendments.