FTC Unveils Updates to Safeguards Rule

October 29, 2021

The Federal Trade Commission this week announced a series of updates to the Safeguards Rule intended to strengthen the security of customer information used by non-bank financial institutions. The revised rule specifies measures that institutions must use to protect personal data, including encryption, access controls, and multifactor authentication. The new rule also mandates that each financial institutions appoint a single qualified individual to oversee its information security program, reporting on efforts and acting as a contact point for oversight authorities. The FTC first sought public input on the changes in 2019 and followed up with a 2020 public workshop on the Safeguards Rule. EPIC previously submitted comments on the proposed changes and has consistently called for a data protection agency in the U.S.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.