On July 13, 2020, the Federal Trade Commission (FTC) held a workshop titled “Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule.” This workshop discussed the proposed amendments to the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program.…
GLBA
FTC Releases 2019 Privacy and Data Security Update
On February 25th, the Federal Trade Commission (FTC) released its annual Privacy and Data Security Update, which highlights the FTC’s activities during the past year.
According to the update, the FTC’s enforcement actions in the past year involving privacy and data security addressed a range of issues, including identity theft, credit reporting and financial privacy, the EU-U.S.…
This week’s podcast: A Look at the FTC’s Proposed GLBA Rules
In this podcast, we explore the implications of the FTC’s proposed amendments to the GLBA Privacy Rule, which is limited to motor vehicle dealers, and the GLBA Safeguards Rule, which applies more broadly to all non-bank financial institutions subject to the FTC’s jurisdiction. We will take a closer look at the FTC’s shift away from a flexible approach to data security toward a more prescriptive approach mandating specific elements for information security programs.…
GLBA and the California Privacy Act: Analyzing SB 1121’s Change to the Financial Institution Carve-Out Provision
Less than three months after California passed the California Consumer Privacy Act of 2018 (CCPA), Governor Jerry Brown signed SB 1121 this week, making a number of technical and substantive changes to the law.
Of particular note: SB 1121 modifies the financial institution carve-out language in CCPA section 1798.145(e). While the change is a welcome development for entities subject to regulation under the Gramm-Leach-Bliley Act (GLBA), it does not grant full exemption from the CCPA.
Proposed House Bill Would Set National Data Security Standards for Financial Services Industry
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. Most notably, the proposed legislation would create a national standard for data security and breach notification and preempt all current state law on the matter.…
CFPB finalizes changes to GLBA annual privacy notice requirement
The CFPB has issued a final rule amending the provisions of Regulation P that implement the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement. The final rule is intended to reflect the GLBA amendments made by the Fixing America’s Surface Transportation Act that exempted financial institutions meeting certain conditions from the annual notice requirement.…
CFPB Proposes Amendments to GLBA Rules to Permit Exemption from Annual Notice Requirement
On July 1st, the CFPB proposed to amend Regulation P under the Gramm-Leach-Bliley Act (GLBA) to implement the statutory changes made by the Fixing America’s Surface Transportation Act (see prior post) that provided financial institutions that meet certain conditions with an exemption from the GLBA requirement to deliver annual privacy notices to customers.…
President signs bill creating exception to GLBA annual privacy notice requirement
An amendment creating an exception to the annual privacy notice delivery requirement for financial institutions has been signed into law by President Obama as part of the “Fixing America’s Surface Transportation Act” (FAST Act).
Section 75001 of the FAST Act, signed into law on December 4, 2015, amends Section 503 of the Gramm-Leach-Bliley Act (GLBA) to add an exception to the annual notice delivery requirement for any financial institution that (1) only shares nonpublic personal information (NPI) as permitted by the GLBA without providing consumers with notice and opt-out rights, and (2) has not changed its policies and practices with regard to disclosing NPI since its most recent disclosure sent to consumers.…
FTC follows in CFPB footsteps with GLBA privacy notices
The FTC recently proposed amendments to its Gramm-Leach-Bliley Act (GLBA) rules requiring motor vehicle dealers to send their customers an annual privacy notice. The amendments would allow motor vehicle dealers to notify their customers that a privacy policy is available on their website, subject to certain conditions. Comments on the proposal are due on or before August 31, 2015.…
CFPB joins other federal regulators in announcing GLBA privacy exemption
On September 24, 2013, the CFPB joined the CFTC, the SEC, the FTC, the NCUA, and the prudential bank regulatory agencies (the Federal Reserve, the OCC, and the FDIC) in the issuance of an Interagency Guidance on Privacy Laws and Reporting Financial Abuse of Older Adults. The release exempts from the strictures of the financial privacy provisions of the Gramm-Leach-Bliley Act (GLBA) the reporting of suspected financial abuse of the elderly to appropriate state, local, and federal agencies.…