{"id":888,"date":"2019-05-15T08:06:06","date_gmt":"2019-05-15T13:06:06","guid":{"rendered":"http:\/\/efgintelligence.com\/lendingcurve\/?p=888"},"modified":"2019-05-15T08:18:39","modified_gmt":"2019-05-15T13:18:39","slug":"ftc-rule-amendments","status":"publish","type":"post","link":"https:\/\/efgintelligence.com\/lendingcurve\/ftc-rule-amendments\/","title":{"rendered":"FTC Amendments Strive To Keep Up with Technology"},"content":{"rendered":"
\"Steve
Contributing Author:
Steve Roennau
Vice President
Compliance
EFG Companies<\/figcaption><\/figure>\n

In April, the Federal Trade Commission (FTC) published in the Federal Register its proposed amendments to the\u00a02000 Privacy Rule and 2003 Safeguards Rule.<\/strong> The genesis of these amendments is based on the FTC\u2019s enforcement experience, and are intended to keep pace with technological developments<\/strong> within the financial industry. The proposed revisions relevant to automotive lenders fall under the Gramm Leach Bliley Act (GLBA).<\/p>\n

Changes to the Privacy Rule<\/h3>\n

Revisions to the Privacy Rule would result in two substantive changes:<\/p>\n

    \n
  1. The scope and definition of “financial institution” was modified to include entities that are engaged in activities that are incidental to financial activities<\/strong>, to bring both rules into accordance with the CFPB\u2019s Regulation P (Privacy of Consumer Financial Information).<\/li>\n
  2. The annual privacy notice requirements were modified to implement statutory changes<\/strong> to the GLBA enacted by the Fixing America’s Surface Transportation Act<\/strong> (the FAST Act).<\/li>\n<\/ol>\n

    The FAST Act established that a financial institution is not required to provide an annual privacy notice<\/strong> under the Privacy Rule if it:<\/p>\n

      \n
    • only shares NPI with nonaffiliated third parties in a manner that does not require notice of an opt-out right to be provided to its customers;<\/strong> and,<\/li>\n
    • has not changed its privacy policies and practices<\/strong> with respect to the disclosure of NPI since it last provided a privacy notice to its customers.<\/li>\n<\/ul>\n

      The CFPB published a final rule to implement these statutory changes in September 2018. The FTC’s proposal would amend the annual notice requirements to bring it in line with the FAST Act and the CFPB regulations.<\/p>\n

      Changes to the Safeguards Rule<\/h3>\n

      Specifically, the proposed amendments to the Safeguards Rule seek to achieve the following objectives:<\/p>\n

        \n
      • provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, <\/strong>such as access controls, authentication, and encryption;<\/li>\n
      • improve the accountability of financial institutions’ information security programs,<\/strong> such as by requiring periodic reports to boards of directors or governing bodies; and,<\/li>\n
      • exempt small businesses <\/strong>from certain requirements of the amended Safeguards Rule.<\/li>\n<\/ul>\n

        Keeping Up With Technology<\/h3>\n

        Much has changed in the world of cybersecurity since these rules were first implemented \u2013 both positive and negative. On the plus side, significant progress has been made by software and security providers to improve customer data protection.<\/strong> Unfortunately, those who would like to steal that data have matched that progress. Regardless of what rules and regulations exist, it is in the lender\u2019s best interest to implement any measure available to protect its customers\u2019 data.<\/strong><\/p>\n

        Your institution probably already has a comprehensive information security program in place. However, now is the time to review that program, as the proposed rule amendment provides further definition on requirements, such as:<\/strong><\/p>\n

          \n
        • encrypting<\/strong> all consumer data;<\/li>\n
        • implementing access controls<\/strong> to prevent unauthorized users from accessing consumer information;<\/li>\n
        • utilizing multifactor authentication<\/strong> to access consumer data; and,<\/li>\n
        • requiring periodic reports<\/strong> submitted to the boards of directors to ensure compliance.<\/li>\n<\/ul>\n

          The proposed amendments to the Safeguards Rule will better align the rule with prevailing cyber security standards,<\/strong> such as the New York State Department of Financial Services (NYDFS) cybersecurity regulations and the National Institute of Standards and Technology (NIST) framework.\u00a0 The amendments are also designed to ensure that non-bank financial technology entities are subject to cybersecurity standards similar to those that banks are subject to under the Federal Financial Institutions Examination Council (FFIEC) interagency guidelines.<\/p>\n

          These proposed amendments to the Safeguards Rule and Privacy Rule are in the \u201ccomment\u201d phase.\u00a0 If you are a financial institution under the FTC’s jurisdiction, now is your time to submit input that would shape the future final rule. \u00a0While I\u2019m all for progress and improved data security, there is always a risk\/reward.<\/p>\n","protected":false},"excerpt":{"rendered":"

          In April, the Federal Trade Commission (FTC) published in the Federal Register its proposed amendments to the\u00a02000 Privacy Rule and 2003 Safeguards Rule. The genesis of these amendments is based […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[79],"tags":[278,185,276,277,258],"class_list":["post-888","post","type-post","status-publish","format-standard","hentry","category-compliance","tag-fast-act","tag-federal-trade-commission","tag-gramm-leach-bliley","tag-privacy-rule","tag-safeguards-rule"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ht2K-ek","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/posts\/888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/comments?post=888"}],"version-history":[{"count":3,"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/posts\/888\/revisions"}],"predecessor-version":[{"id":892,"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/posts\/888\/revisions\/892"}],"wp:attachment":[{"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/media?parent=888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/categories?post=888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/efgintelligence.com\/lendingcurve\/wp-json\/wp\/v2\/tags?post=888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}