The Federal Trade Commission just announced significant changes to the Safeguards Rule. Those changes include more specific criteria about safeguards financial institutions – including dealers – must implement as part of their information security program to include limiting who can access consumer data and using encryption to secure the data. Dealers will also have to explain their information sharing practices, specifically the administrative, technical, and physical safeguards used to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customers’ secure information. And, dealers will be required to designate a single qualified individual to oversee their information security program and report periodically to an organization’s board of directors, or a senior officer in charge of information security.These changes were not without opposition including 2 FTC commissioners who strongly dissented. We will analyze the changes in greater detail and provide more information in a blog post in the coming days.
To see the text of the rule, go to: https://bit.ly/3Gvee5B