by Jeremy Feigelson, Avi Gesser, Satish Kini, Johanna Skrzypczyk, Lily D. Vo, Corey Goldstein, and Scott M. Caravello
On October 27, 2021, the Federal Trade Commission (the “FTC”) announced significant updates to the Standards for Safeguarding Customer Information (PDF: 835 KB) (the “Safeguards Rule” or “Amended Rule”). This rule, promulgated pursuant to the Gramm-Leach-Bliley Act, is designed to protect the consumer data collected by non-bank financial institutions, such as mortgage lenders and brokers, “pay day” lenders, and automobile dealerships, among many others (“subject financial institutions”). The Amended Rule is likely to have a far-reaching ripple effect and inform the meaning of reasonable data security requirements industry-wide. In this blog post, we highlight the Amended Rule’s more novel requirements and provide an overview of the potential impacts.