top of page
  • Writer's pictureDeborah

On October 27, 2021, the Federal Trade Commission (FTC) published its Final Rule to amend the Standards for Safeguarding Customer Information (Safeguards Rule) containing modifications to the existing Rule including the following provisions:


  1. More detailed guidance on developing and implementing specific aspects of an overall information security program, such as access controls, authentication, and encryption

  2. Guidance to improve the accountability of financial institutions’ information security programs, such as by requiring periodic reports to boards of directors or governing bodies and the designation of a single Qualified Individual to be responsible for the information security program

  3. Exemptions for financial institutions that collect information from less than 5,000 customers from certain requirements such as a written risk assessment and incident response plan

  4. Expanded definition of “financial institution” to include entities engaged in activities that the Federal Reserve Board (FSB) determines to be incidental to financial activities, in particular, companies that act as “finders”, “bringing together one or more buyers and sellers of any product or service for transactions that the parties themselves negotiate and consummate”


The Safeguard Rule requires financial institutions under FTC’s jurisdiction to have measures in place to keep customer information secure. A supplemental notice of proposed rulemaking was also published on October 27, requesting public comment on a proposal for a requirement that financial institutions report security events to the FTC. The request for comments includes:

  • Appropriate deadline for reporting security events after discovery

  • Whether all security events should require notification or whether notification should be required only under certain circumstances

  • Whether such reports should be made public

  • Whether events involving encrypted information should be included in the requirement

  • Whether the requirement should allow law enforcement agencies to prevent or delay notification if notification would affect law enforcement investigation


Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page