FTC Announces Six-Month Extension for Compliance with Some Changes to Gramm-Leach-Bliley Safeguards Rule | Privacy & Information Security Law Blog

Posted on November 18, 2022
POSTED IN FINANCIAL PRIVACY, INFORMATION SECURITY, U.S. FEDERAL LAW
On November 15, 2022, the Federal Trade Commission announced a six-month extension for companies to comply with certain updated requirements of the Gramm-Leach-Bliley Act’s Safeguards Rule, a set of data security provisions that covered financial institutions must implement to protect their customers’ personal information. The new deadline is June 9, 2023.

The FTC announced updates to the Safeguards Rule in October 2021. While many provisions of the updated Rule became operational 30 days after publication in the Federal Register, other sections were due to go into effect on December 9, 2022. Specifically, the provisions affected by the six-month extension include requirements that financial institutions:

designate a qualified individual to oversee their information security program;
develop a written risk assessment;
limit and monitor who can access sensitive customer information;
encrypt all sensitive information, train security personnel, develop an incident response plan, periodically assess the security practices of service providers; and
implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.