November 1, 2021

Volume XI, Number 305

New Articles

November 01, 2021

HAPPY REASSIGNED NUMBER DATABASE DAY: The FCC’s New Recycled Number... by: Eric J. Troutman
US Opens Flights to Fully Vaccinated Travelers – What Does It Mean... by: Suzan Kern
Stockholder Bears Burden of Proving Breach of Redemption Obligation;... by: Michele C. Barnes and Jessica D. Liu
Louisiana Announces a New "Transfer Pricing Managed Audit... by: William (Bill) Backstrom and Andre Burvant
Immigration Updates: Travel Bans, Future Changes, and H-1B Cap... by: William L. Coffman and Angel Feng
Federal Trade Commission Updates Cybersecurity “Safeguards Rule” for... by: Caitlin Throne and Kurt R. Hunt
Possession of a Debtor’s Property After a Bankruptcy Filing May…or... by: Lee B. Hart and Mark Gensburg
The Real-Life Consequences of Copyright Termination by: Jeanne Hamburg
Weekly Bankruptcy Alert: November 1, 2021 (For the Week Ending... by: Business Practice Group Pierce Atwood
The Build Back Better Act: Tax Reform Implications for Private Equity... by: Alex Farr and Kevin Hall
Expanding FSIA to Criminal Cases Would Not Save a Turkish Bank from U... by: Lucas Kowalczyk and Seetha Ramachandran
U.S. Presidential Proclamation Issued Rescinding and Replacing... by: Luisa E. Koidl
COVID Compliance is Complicated: Don’t Let a Whistleblower Jab You by: Rohan A. Virginkar and Mark J. Neuberger
Telecom Alert: Build Back Better Act; Biden Nominates Rosenworcel as... by: Wesley K. Wright and Casey Lide
Policyholder Win Highlights Importance of D&O Policies In... by: Geoffrey B. Fehling and Sima Kazmir
CFPB Director Chopra Appears at First House Hearing Since Approval as... by: Moorari Shah and A.J. S. Dhaliwal
EPA Makes PFAS Announcements, Issues PFAS Strategic Roadmap and... by: Bina Joshi
CFTC Report Highlights Whistleblowers Tips to Other Regulators... by: Mary Jane Wilmoth
Insights From the Money 20/20 FinTech Conference by: Stuart H. Russell
China Issues Draft Measures on Security Assessment of Cross-border... by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Spotlight on Upcoming Oral Arguments - November 2021 by: William C. Neer and Gracie K. Mills
Country-Specific International Travel Restrictions Will Be Rescinded... by: Julianne Cassin Sharp and Elizabeth Baker
CFPB Issues Debt Collection Guidance and Creates More Uncertainty for... by: Jonathan R. Kolodziej and Lee Gilley
Florida Imposes Criminal Penalties for Improper Processing of DNA by: Julia K. Kadish and Harrison Schafer
DOJ's Torpedoes Are in the Water: Be Your Own Monitor, or One... by: Seth D. DuCharme and Matthew G. Nielsen
New York DOL Issues FAQs on Recreational Cannabis – Guidance for... by: Steven M. Swirsky and Nathaniel M. Glasser
New York Adds ADA-Type Requirement and Teeth to Debt Collection... by: Brian R. Epling and Christy W. Hancock
Enhanced Oil Recovery in the Energy Transition by: Frederick R. Eames
Designation of COVID-19 Under New York HERO Act Extended Once Again by: Evandro C Gigante and Laura M. Fant
Unpacking Averages: Analyzing Descriptions from Cardiovascular Device... by: Bradley Merrill Thompson
Recent Developments in Chinese Intellectual Property by: Matthew P. Deng
NY Extends to Dec. 15 Designation of COVID-19 as ‘Highly Contagious... by: Jerrold F. Goldberg
Don’t Abandon Whistleblowers Who Report Money Laundering Crimes by: Stephen M. Kohn
Antitrust M&A Snapshot | Q3 2021 by: Noah Feldman Greene and Max Küttner
Department of Labor Updates (Yet Again) Its Rules on Paying Tipped... by: Laura Lawless
Georgia Courts Cannot Toll Duration of Noncompete Agreement, Even... by: David P. Thatcher and Gregory Y. Shin

October 31, 2021

October 30, 2021

October 29, 2021

Article By

Related Practices & Jurisdictions

All Federal

Federal Trade Commission Updates Cybersecurity “Safeguards Rule” for Financial Institutions

Monday, November 1, 2021

Last week, in the culmination of a process that began in 2016, the Federal Trade Commission (FTC) issued a Final Rule to update the Safeguards Rule promulgated under the Gramm-Leach-Bliley Act. The Safeguards Rule applies to financial institutions, including non-banking companies “significantly engaged” in providing financial products or services such as mortgage brokers, automotive dealers, and payday lenders, requiring those institutions to develop and implement comprehensive security to keep their customers’ information safe.

Cyberattacks and other threats to consumer data have increased over the course of the COVID-19 pandemic, escalating regulatory scrutiny and business risks. These new changes to the Safeguards Rule largely focus on clarifying expectations for financial institutions, including:

More detailed requirements. The Final Rule creates clearer expectations with more detailed requirements for how financial institutions should develop and establish their information security programs, such as setting clearer requirements for employee training, establishing that risk assessments must be set forth in writing, and increasing safeguards through data encryption and authentication.
Qualified Individual. In order to increase accountability, the Final Rule designates one key person (to be known as the Qualified Individual) at each financial institution to be responsible for overseeing and enforcing the information security program.
Board reporting. Financial institutions must schedule periodic reports on the information security programs to their board of directors or governing bodies, in hopes that the programs will receive the support and resources necessary for successful maintenance.
Change in scope. The Final Rule expands the definition of financial institutions to include “finders”—companies that bring together the buyers and sellers of a good or service, in a move that makes the definition of financial institution more analogous to that in the Bank Company Holding Act. In addition, some financial institutions that collect information on fewer than 5,000 consumers are exempted from written risk assessment, incident response plan, and board reporting requirements.

Financial institutions regulated by the GLBA should familiarize themselves with the updated Safeguards Rule and evaluate their information security policies, focusing on ensuring they are compliant with the new requirements. The FTC also announced it is soliciting comments regarding reporting of data security incidents, signaling the possibility of additional changes in the near future.

Related Legal Headlines

CFTC Issues Customer Advisory on Trading Based on Information Communicated Online

Kevin M. Foley

What Is FTC’s Course Under Biden?

James V. Fazio

SPECIAL FUND ALERT: Proposed HSR Rule Amendment: Foreign Today but Not Tomorrow?

Joel Mitnick

Opportunities Following U.S.-Africa Summit

Witney Schneidman

TRENDING LEGAL ANALYSIS

HAPPY REASSIGNED NUMBER DATABASE DAY: The FCC’s New Recycled Number Spotting...

Squire Patton Boggs (US) LLP

US Opens Flights to Fully Vaccinated Travelers – What Does It Mean for You and Your...

Hunton Andrews Kurth

Stockholder Bears Burden of Proving Breach of Redemption Obligation; Directors Used...

K&L Gates

Louisiana Announces a New "Transfer Pricing Managed Audit Program"

Jones Walker LLP

About this Author

Caitlin Throne

Law Clerk

Caitlin focuses her practice on corporate law. Her prior experience includes working with private equity clients to evaluate market performance and potential acquisitions. She earned her J.D. from The Ohio State University Moritz College of Law.

Education

The Ohio State University Moritz College of Law (J.D., magna cum laude, 2021)
- Ohio State Law Journal, executive editor
- Three CALI Awards for Excellence, including Debtor and Creditor Law
Carleton College (B.A., cum laude, 2015)...

caitlin.throne@dinsmore.com

614-227-4222

www.dinsmore.com

Kurt R. Hunt

Associate

Kurt focuses his practice on telecommunications and public utilities law, advising clients on general corporate and administrative issues, regulatory compliance, transactions, privacy obligations, and intellectual property matters. He is also an experienced litigator, and routinely represents clients in state and federal courts, as well as before administrative agencies and public utility commissions.

Knowing that public utilities operate inside a highly-regulated and specialized environment, Kurt is adept at tailoring his approach to fit each...

kurt.hunt@dinsmore.com

(513) 977-8101

www.dinsmore.com

Christian Gonzalez

Christian Gonzales, banking, corporate and securities lawyer, Dinsmore law firm

Associate

Christian advises clients on various aspects of banking, corporate and securities law, including mergers and acquisitions, securities offerings, business formation, regulatory compliance, and general corporate governance matters.

Christian has extensive experience servicing the financial sector clients ranging from multi-billion dollar financial institutions to community banks and thrifts. Christian assists financial institutions in strategic growth, M&A transactions and other critical situations, and he has a broad range of experience in...

christian.gonzalez@dinsmore.com

614-628-6921