FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules

The FTC is seeking comment on proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule requires a financial institution to maintain a comprehensive information security program. The Privacy Rule requires a financial institution to inform customers

On August 14, 2018, President Trump signed into law S. 770, the “NIST Small Business Cybersecurity Act.”  This Act requires the National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks. The Act states that the resources should be:

  • “Generally applicable and usable by

Government agencies collect and hold massive amounts of personally identifiable information (PII), creating valuable targets for cybercrime. Recently proposed legislation would impose baseline standards for cyber hygiene on federal agencies. State and local governments, as well as private industry, should measure themselves against the same federal standards to protect against catastrophic loss of PII.

Security

On Sept. 15, 2015, the Securities Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published its second cybersecurity risk alert (the “2015 Risk Alert”). The 2015 Risk Alert is a follow up to the OCIE’s April 2014 cybersecurity initiative risk alert (the “2014 Risk Alert”) announcing a series of examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry. The 2015 Risk Alert puts broker-dealers (BDs) and investment advisors (IAs) on notice that OCIE will seek additional information and expand its area of focus in this second round of cybersecurity examinations.
Continue Reading

On August 28, 2015, the National Futures Association (NFA) submitted a proposed interpretative notice (Notice) to the Commodity Futures Trading Commission (CFTC) to require information systems security programs (ISSPs). If the CFTC adopts the NFA’s proposals, NFA member firms − including swap dealers, major swap participants, futures commission merchants, commodity trading advisors, commodity pool operators and introducing brokers (collectively, Members) − would have to establish, maintain and follow written ISSPs.
Continue Reading