Co-authored by Alison Bird
On March 5, 2019, the Federal Trade Commission (FTC) announced proposed amendments to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLB), which addresses the obligations of financial institutions to protect the security of customer information. In some ways modeled on the New York Department of Financial Services Cybersecurity Regulation, the proposal maintains GLB’s process — or risk-based — approach to data protection, but it also outlines explicit cyber controls that regulated entities would be required to implement. While many firms may already have instituted some of those controls, certain proposed amendments are new or more explicit, and they may create significant implementation challenges. Five of the most noteworthy proposed amendments are detailed here.