FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules

The FTC is seeking comment on proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule requires a financial institution to maintain a comprehensive information security program. The Privacy Rule requires a financial institution to inform customers about its information-sharing practices. Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, says the amendments are meant to, “better protect consumers and provide more certainty for business.”

NIST Privacy Framework

The National Institute of Standards and Technology (NIST) released working draft of a standard Privacy Framework meant to, “help organizations: better identify, assess, manage, and communicate privacy risks; foster the development of innovative approaches to protecting individuals’ privacy; and increase trust in products and services.”

AG Racine Proposes Changes to Data Breach Law

District of Columbia AG Racine introduced legislation to amend the District’s current data breach law in an effort to provide greater protection over personal data.  Specifically, the AG proposes:

  • Holding companies accountable for safeguarding a broader range of private information;
  • Creating security requirements for companies that handle personal information;
  • Requiring companies to provide identity theft protection if they expose Social Security numbers; and
  • Requiring companies to inform consumers of their rights when a data breach occurs.

Internet of Things (IoT) Cybersecurity Improvement Act of 2019

Bipartisan legislation meant to improve the cybersecurity of Internet-connected devices was introduced in the Senate and the House of Representatives. The legislation would require that devices purchased by the U.S. government meet certain minimum security requirements.