Proposed Amendments to FTC Regulations Governing Privacy and Consumer Data

Home » Blog »


Share on facebook
Share on twitter
Share on linkedin

Get a Free Compliance Review

Our trusted legal counsel can help ensure your business stays compliant.
  • This field is for validation purposes and should be left unchanged.
Print Friendly, PDF & Email

March 7, 2019

FTC Regulation

The Federal Trade Commission (“FCC”) has recently announced that it is seeking comment on proposed amendments to two existing FTC regulations that aim to protect the privacy and security of customer information collected and stored by financial institutions.  Specifically, the amendments would modify the “Safeguards Rule” and “Privacy Rule” under the Gramm-Leach-Bliley Act.

The proposed amendments largely focus on establishing additional consumer data security measures that financial institutions will be required to implement.  However, the amendments also seek to broaden the scope of the FTC regulations to include online marketing agencies that generate leads on behalf of those businesses that fall within the definition of “financial institutions.”

How Do I Best Ensure that My Business Complies with the Amended FTC Regulations?

Key Elements of the Proposed FTC Regulation Amendments

The proposed FTC regulation amendments would require that financial institutions: (a) encrypt all customer data that they collect, store and transmit; (b) implement access controls to prevent unauthorized individuals from accessing customer data; and (c) implement multifactor authentication prior to providing access to accounts. In addition, pursuant to the proposed amendments, financial institutions would be required to submit periodic compliance reports to their respective boards of directors.

Further, the proposed amendments would expand the definition of “financial institution” as used in both the Privacy Rule and Safeguards Rule to specifically include “finders” – marketing entities that charge a fee to connect consumers who are looking for a financial product with prospective financial services providers. This change could have a significant impact on online marketers that were not previously required to comply with the provisions of the Privacy Rule or the Safeguards Rule.

Liability Under the Privacy Rule and the Safeguards Rule

Violations of the Privacy Rule and/or Safeguards Rule may result in significant fines, penalties and other liability. Therefore, financial institutions, as well as the online and mobile marketers who perform marketing services on their behalf, should closely monitor the amendment process associated with these key FTC regulations.  Upon finalization of the proposed amendments, affected business entities should consult with experienced counsel to ensure that all consumer data collection, use and sharing practices, as well as internal security protocols, are compliant with the updated Privacy Rule and Safeguards Rule, as well as other applicable laws.

If you are interested in learning more about this topic or require assistance in connection with consumer data privacy compliance for your business, please e-mail us at, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney.  Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Similar blog posts:

FTC Seeks Comment on Federal Email Law

FTC to Take Additional Steps to Rein in Influencer Marketing?

FTC Issues Recommendations to Thwart Mobile Cramming

Trending Topics