United States: Effective Date Set for New FTC Financial Data Security Requirements
A final FTC rule to strengthen data security measures to further protect consumer financial data takes effect January 10, 2022. Some provisions are extended through December 9, 2022 to give financial institutions more time to modify their information security programs to comply with the new requirements. The final rule was published in the Federal Register.
The FTC’s final rule changes the agency’s standards for protecting customer information. As noted earlier, the changes include:
- imposing additional requirements for an information security program, including access controls, encryption and authentication protocols; and
- increasing the potential for individual accountability for breaches in financial institutions by (i) designating a single information security officer responsible for the security program and (ii) requiring periodic reports from that person to the administrators of the business.
Although the rule becomes effective on January 10, 2022, certain provisions of FTC Rule 314.5 (“Effective Date”) are effective as of December 9, 2022 to allow more time to comply with the new requirements. These include sections 314.4(a) (“Appointment of a qualified person”); 314.4(b)(1) (“Performing a written risk assessment”); 314.4(c)(1) through (8) (“Information Security Program Elements”); 314.4(d)(2) (“Annual monitoring and penetration testing and semi-annual vulnerability assessment”); 314.4(e) (“Personnel training”); 314.4(f)(3) (“Periodic assessment of Service Providers”); 314.4(h) (“Written Incident Response Plan”); and 314.4(i) (“Qualified Person’s Annual Written Reports”).
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.