Photo of Karim Alhassan

Witnessing the race to harness the power of Artificial Intelligence (“AI”) by markets and businesses, the Federal Trade Commission (“FTC”), recently issued a warning over the emerging technology and its ever-widening use cases. Citing its authority under Section 6(b) of the FTC Act, the Commissioners voted 5-0 on July 19 in favor of issuing investigative

The Federal Trade Commission (FTC or Commission) has issued a final rule clarifying its data security requirements for certain covered financial institutions. The new rule, which amends the Safeguards Rule originally promulgated in 2002 under the Gramm-Leach-Bliley Act (GLBA), outlines specific criteria to be incorporated as part of GLBA-covered financial institutions’ information security programs. The primary changes include:

  • A requirement to designate a single qualified individual responsible for overseeing the information security program and periodically reporting to the board (or other governing body)
  • Identification of specific security risk assessment criteria and a requirement that such assessments be documented in writing
  • Specific required safeguards, including access controls, encryption, data disposal procedures, continuous monitoring, and penetration testing
  • Service provider selection criteria and a related requirement to periodically assess service providers based on perceived risk
  • Expansion of the definition of “financial institution” to clarify that it includes entities providing “finder” services incidental to financial activities

The updated rule takes effect 30 days after publication in the Federal Register, but some of the more significant new requirements will not take effect for another year.Continue Reading FTC significantly amends GLBA Safeguards Rule