On July 13, 2020, the Federal Trade Commission (FTC) held a workshop titled “Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule.” This workshop discussed the proposed amendments to the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program.…

On February 25th, the Federal Trade Commission (FTC) released its annual Privacy and Data Security Update, which highlights the FTC’s activities during the past year.

According to the update, the FTC’s privacy and data security enforcement actions in the past year addressed a range of issues, including identity theft, credit reporting and financial privacy, the EU-U.S.…

In this podcast, we explore the implications of the FTC’s proposed amendments to the GLBA Privacy Rule, which is limited to motor vehicle dealers, and the GLBA Safeguards Rule, which applies more broadly to all non-bank financial institutions subject to the FTC’s jurisdiction. We will take a closer look at the FTC’s shift away from a flexible approach to data security toward a more prescriptive approach mandating specific elements for information security programs.…

Less than three months after California passed the California Consumer Privacy Act of 2018 (CCPA), Governor Jerry Brown signed SB 1121 this week, making a number of technical and substantive changes to the law.

Of particular note: SB 1121 modifies the financial institution carve-out language in CCPA section 1798.145(e). While the change is a welcome development for entities subject to regulation under the Gramm-Leach-Bliley Act (GLBA), it does not grant full exemption from the CCPA.

A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. Most notably, the proposed legislation would create a national standard for data security and breach notification and preempt all current state law on the matter.…

The CFPB has issued a final rule amending the provisions of Regulation P that implement the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement. The final rule is intended to reflect the GLBA amendments made by the Fixing America’s Surface Transportation Act that exempted financial institutions meeting certain conditions from the annual notice requirement.…

On July 1st, the CFPB proposed to amend Regulation P under the Gramm-Leach-Bliley Act (GLBA) to implement the statutory changes made by the Fixing America’s Surface Transportation Act (see prior post) that provided financial institutions that meet certain conditions with an exemption from the GLBA requirement to deliver annual privacy notices to customers.…

An amendment creating an exception to the annual privacy notice delivery requirement for financial institutions has been signed into law by President Obama as part of the “Fixing America’s Surface Transportation Act” (FAST Act).

Section 75001 of the FAST Act, signed into law on December 4, 2015, amends Section 503 of the Gramm-Leach-Bliley Act (GLBA) to add an exception to the annual notice delivery requirement for any financial institution that (1) only shares nonpublic personal information (NPI) as permitted by the GLBA without providing consumers with notice and opt-out rights, and (2) has not changed its policies and practices with regard to disclosing NPI since its most recent disclosure sent to consumers.…

The FTC recently proposed amendments to its Gramm-Leach-Bliley Act (GLBA) rules requiring motor vehicle dealers to send their customers an annual privacy notice. The amendments would allow motor vehicle dealers to notify their customers that a privacy policy is available on their website, subject to certain conditions. Comments on the proposal are due on or before August 31, 2015.…

On September 24, 2013, the CFPB joined the CFTC, the SEC, the FTC, the NCUA, and the prudential bank regulatory agencies (the Federal Reserve, the OCC, and the FDIC) in the issuance of an Interagency Guidance on Privacy Laws and Reporting Financial Abuse of Older Adults. The release exempts from the strictures of the financial privacy provisions of the Gramm-Leach-Bliley Act (GLBA) the reporting of suspected financial abuse of the elderly to appropriate state, local, and federal agencies.…