March 6, 2019

FTC seeks input on privacy and cyber rules for financial institutions

The Federal Trade Commission (“FTC”) is seeking comment on proposed amendments to the Safeguards Rule and the Privacy Rule.  The proposed changes are designed to provide more detailed guidance to financial institutions regarding consumer privacy and data security practices, and ensure that the Rules are consistent with the Dodd-Frank Act and the FAST Act, which modified privacy requirements under the Gramm-Leach Bliley Act.  Both proposals would also expand the definition of “financial institution” to include entities engaged in activities deemed to be incidental to financial activities—such as “finders,” which link consumers with financers.

The FTC announced the proposed changes on March 5th, 2019, with publication in the Federal Register to follow.  The FTC has requested comment on the proposed amendments generally, and specifically, how it would impact financial institutions and interact with existing regulations.  Interested parties will have 60 days from the date of publication in the Federal Register to submit comments. 

Safeguards Rule:  Notice of Proposed Rulemaking

Privacy Rule:  Notice of Proposed Rulemaking