The Federal Trade Commission (FTC) has published its Final Rule to amend the Standards for Safeguarding Consumer Information, which applies to “financial institutions” (including entities engaged in activities “incidental” to financial activities). The Final Rule contains significant revisions to the Safeguard Rule’s security requirements that will likely increase the time and effort required to remain compliant and largely implements the modifications to the Safeguards Rule that the FTC originally proposed in its 2019 Notice of Proposed Rulemaking (NPRM). In addition, the FTC concurrently published a separate Final Rule updating its Privacy of Consumer Financial Information Rule, and a Supplemental Notice of Proposed Rulemaking to solicit input on whether to adopt a requirement for financial institutions to report security events to the FTC.
