Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: GLBA

Posted in Financial Privacy

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

The Federal Trade Commission issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act, commonly known as the Safeguards Rule and Privacy Rule. Once the notices are published in the Federal Register comments must be received within 60 days. The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade.

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

The California Consumer Privacy Act of 2018 (“CCPA”) exempts information that is collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”), and its implementing regulations (the “Privacy Rule”), or the California Financial Information Privacy Act (“CFIPA”).  It does not exempt financial institutions altogether from its requirements where a financial information is processing information not subject to these regimes.  In such situations, a financial institution must comply with a wide array of CCPA obligations, including requirements to make certain disclosures to consumers and to provide certain rights to consumers, such as the right to stop “sales” of their personal information and the right to access data that a business has collected about them. Determining whether information a financial institution processes is covered by the exemption or not can be challenging and is something that financial institutions will need to analyze for their operations.

This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs.

Posted in Financial Privacy

CFPB Finalizes Rule to Ease GLBA Privacy Notice Requirements

The Consumer Financial Protection Bureau (CFPB) has finalized a proposed rule that will eliminate the need for certain financial institutions to mail annual privacy notices to their customers, so long as the institutions publish their privacy notices online and engage only in limited sharing of customer information.

Posted in Financial Privacy

CFPB Proposes to Alleviate GLBA Privacy Notice Requirements

The Consumer Financial Protection Bureau has issued a proposed rule that would eliminate the requirement for banks and other financial institutions subject to CFPB jurisdiction to deliver an annual privacy notice to their customers, provided the institutions take certain privacy-protective measures. The CFPB proposal demonstrates that the agency is following up on its 2011 streamlining initiative, in which it solicited comment on possible alternatives to delivering the annual privacy notice, and recognizes at least to some extent the online world that most consumers now embrace

Posted in Financial Privacy

CFTC Issues GLBA Security Guidelines

The Commodity Futures Trading Commission has issued guidance for CFTC-regulated financial institutions on compliance with the security safeguards provisions of Title V of the Gramm-Leach-Bliley Act. In a Staff Advisory, the CFTC recommends that futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, swap dealers, and major swap participants implement certain best practices to meet their obligations under GLBA, as well as the CFTC’s GLBA regulations at 17 C.F.R. Part 160, to adopt policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information.

Posted in Cybersecurity & Data Breaches

FTC Reaches Settlements Over P2P Data Breaches

The Federal Trade Commission yesterday announced settlements with two companies over security breaches caused by peer-to-peer (P2P) file sharing software. The settlements require the companies to establish and maintain comprehensive information security programs and to undergo data security audits by independent auditors every other year for 20 years.