[BreachExchange] FTC Tightens Safeguards for Consumer Data After Major Breaches

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Nov 2 11:58:29 EDT 2021


https://www.investopedia.com/ftc-improves-safeguards-for-consumer-data-amid-major-data-breaches-5208051


The Federal Trade Commission (FTC) has updated its Safeguards Rule
following widespread data breaches involving consumers' personal and
financial information. The move tightens the security standards financial
institutions must follow.

KEY TAKEAWAYS

- The FTC has made an update to its Safeguards Rule, which dictates how
  financial institutions must secure the financial data of their customers.
- The agency's chair and one commissioner provided a joint statement in
  support of the update, pointing to the 2017 Equifax data breach, among
  others, as the reason for the change.
- The update includes specific criteria that financial institutions must meet
  to stay in compliance.

New Update to Provide More Security for Consumers

The FTC announced last week a new measure to better protect consumers
against identity theft and financial losses that could arise from data
breaches.

Data breaches occur when cybercriminals access data from a computer system
without permission. Depending on the target, a breach can give identity
thieves access to consumers' personal information, credit card details,
account numbers, and other data that they can use to perpetrate other
crimes or sell to other criminals.

In a joint statement by FTC Chair Lina M. Khan and Rebecca Kelly Slaughter,
the two pointed to the Equifax data breach in 2017, which exposed the
information of 147 million people, and other recent widespread data
breaches as the reason for the updates.

The final rule provides more specific criteria for what safeguards
financial institutions are required to implement to protect consumers'
financial data. Examples include limiting who can access the data and using
encryption to secure it.

Financial institutions will also be required to explain their
information-sharing practices. That includes administrative, technical, and
physical safeguards the institutions use to access, collect, distribute,
process, protect, store, use, transmit, dispose of, or otherwise handle
their customers' secure information.

Finally, financial institutions will be required to designate a single
qualified individual to oversee their information security program. This
individual must regularly report to a senior officer in charge of
information security or to the organization's board of directors.

The FTC is seeking public comment on whether it should make additional
changes to the Safeguards Rule, which also requires organizations to report
certain data breaches and other security events to the agency. The public
will have 60 days to submit comments.