This summer, the Federal Trade Commission (“FTC”) will once again tighten the belt on entities that offer financial products and services when another round of amendments to the Gramm-Leach-Bliley Safeguards Rule goes into effect—this time, requiring covered entities to report data breaches to the FTC.
What is the Safeguards Rule?
The Safeguards Rule, which originally became effective in May 2003, long had a small bark and an even tinier bite. The rule required covered entities to develop, implement, and maintain a comprehensive written information security program with “appropriate” safeguards. With no private right of action and a breathtaking lack of specificity, this requirement was treated as little more than a suggestion by many covered entities. Continue Reading Don’t Forget: It’s Time to Notify the FTC of Your Data Breach