The Federal Trade Commission is seeking comment on proposed amendments to two rules that protect the privacy and security of customer information held by financial institutions.
In separate notices to be published in the Federal Register, the FTC is seeking comment on proposed changes to the Safeguards Rule and the Privacy Rule under GLBA. The Safeguards Rule requires a financial institution to develop, implement, and maintain a comprehensive information security program. The Privacy Rule requires a financial institution to inform customers about its information-sharing practices and allow customers to opt out of having their information shared with certain third parties. The FTC is proposing changes to the Safeguards Rule to add more detailed requirements for what should be included in the comprehensive information security program mandated by the Rule.
As to the Privacy Rule, The Dodd-Frank Act transferred the majority of the FTC’s rulemaking authority to the CFPB, leaving the FTC with rulemaking authority only over certain motor vehicle dealers. To address these statutory changes, the FTC has proposed, for example, to remove from the Privacy Rule examples of financial institutions that do not apply to motor vehicle dealers. In addition, the revised Rule would clarify when motor vehicle dealers must provide annual privacy notices to reflect provisions included in the FAST Act. The FTC also is proposing to expand the definition of “financial institution” in both the Privacy Rule and the Safeguards Rule to specifically include so-called “finders,” those who charge a fee to connect consumers who are looking for a loan to a lender.
The notices seeking comment on the proposed changes to the Safeguards Rule and to the Privacy Rule will be published in the Federal Register, with instructions on how to file comments thereafter with 60 days of publication in the Federal Register.