US Federal Trade Commission Proposes Prescriptive Data Security Requirements and Other Updates to Its Gramm-Leach-Bliley Act Regulations

On March 5, 2019, the Federal Trade Commission (“FTC”) proposed a number of revisions to its Gramm-Leach-Bliley Act (“GLBA”) regulations, which would (i) change the Safeguards Rule to require financial institutions to implement specific information security controls (in a departure from the FTC’s current non-prescriptive approach to data security), (ii) update its GLBA Privacy Rule and (iii) expand the definition of “financial institution” to include so-called “finders” and other entities engaged in activities that are incidental to financial activities.

Read the full Legal Update here.

Mayer Brown’s partners David A. Tallman, Jeffrey P. Taft and Stephen Lilley highlight areas of interest in this Legal Update.

Related Content