FTC Unveils Updates to Safeguards Rule

The Federal Trade Commission this week announced a series of updates to the Safeguards Rule intended to strengthen the security of customer information used by non-bank financial institutions. The revised rule specifies measures that institutions must use to protect personal data, including encryption, access controls, and multifactor authentication. The new rule also mandates that each financial institutions appoint a single qualified individual to oversee its information security program, reporting on efforts and acting as a contact point for oversight authorities. The FTC first sought public input on the changes in 2019 and followed up with a 2020 public workshop on the Safeguards Rule. EPIC previously submitted comments on the proposed changes and has consistently called for a data protection agency in the U.S.