Kelley Drye Ad Law Access Podcast · Safeguards Snafu? The Anomalous New Provision in the FTC's Gramm-Leach Bliley Safeguards Rule

Apple Spotify SoundCloud

Last week, the FTC announced that it had finalized its rulemaking to add data breach notification provisions to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. As expected, the new provisions require non-bank financial institutions to provide notice to the FTC of data incidents meeting certain thresholds and detail the trigger for, and content and timing of, the notice. The FTC's proposal elicited only 49 comments, perhaps because most stakeholders thought that the new requirements were inevitable and would be fairly routine. After all, the federal banking agencies have long required data breach notification under GLBA, every state in the country has a data breach law, and the Commission was only proposing that notice be given to the FTC, not to consumers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.