FEDERAL TRADE COMMISSION
16 CFR Part 314
Standards for Safeguarding Customer Information
AGENCY: Federal Trade Commission.
ACTION: Final Rule.
SUMMARY: The Federal Trade Commission (“FTC” or “Commission”) is issuing a
final Rule (“Final Rule”) to amend the Standards for Safeguarding Customer Information
(“Safeguards Rule” or “Rule”). The amended Rule contains five main modifications to
the existing Rule. First, it adds provisions designed to provide covered financial
institutions with more guidance on how to develop and implement specific aspects of an
overall information security program, such as access controls, authentication, and
encryption. Second, it adds provisions designed to improve the accountability of
financial institutions’ information security programs, such as by requiring periodic
reports to boards of directors or governing bodies. Third, it exempts financial institutions
that collect less customer information from certain requirements. Fourth, it expands the
definition of “financial institution” to include entities engaged in activities that the
Federal Reserve Board determines to be incidental to financial activities. This change
adds “finders”–companies that bring together buyers and sellers of a product or service–
within the scope of the Rule. Finally, the Final Rule defines several terms and provides
related examples in the Rule itself rather than incorporate them by reference from the
Privacy of Consumer Financial Information Rule, 16 CFR part 313.
Continue reading the decision here.