As we’ve been predicting, including here, the Cybersecurity Regulation adopted by the NY DFS for insurance, banking and other financial services continues to drive the conversation in the U.S. The latest manifestation is the FTC proposal, announced March 5, 2019, to amend it Safeguards Rule adopted pursuant to the Gramm-Leach-Bliley Act of 1999 (GLBA) to require financial institutions to adopt certain safeguards to protect the nonpublic personal information of consumers. In proposing its amendments, available here, the FTC stated they are “based primarily on” the NY DFS Cybersecurity Regulation and the NAIC data security model law, both of which have been reviewed in our prior articles, including the article linked above.
Key proposed changes to the Safeguards Rule include:
At the same time, the FTC issued proposed changes to its Privacy Rule under the GLBA to effect certain technical changes related to auto dealers, to modify the requirement for annual privacy notices in accordance with the FAST Act amendments, and to expand the definition of financial institution to include entities engaged in activities incidental to financial activities. The proposed amendment to the Privacy Rule is available here.
The comment period for the proposed FTC amendments ends 60 days after publication (expected to be on or shortly after March 8, 2019) in the Federal Register.
Visit our Insurance & Reinsurance Blog for the latest news and developments.Visit the blog
Sign up for our newsletter and get the latest to your inbox.