On Oct. 27, 2023, the Federal Trade Commission (FTC) amended its Standards for Safeguarding Customer Information (the Safeguards Rule), promulgated under the Gramm-Leach-Bliley Act (GLBA), to require financial institutions to provide notice to the FTC of data breaches that impact 500 or more consumers (the Amendment). This comes after the FTC’s major update to the
Jessica Pedersen advises businesses on complex data privacy and cybersecurity issues. Jessica has experience counseling a diverse range of companies on compliance with both existing and emerging privacy and security laws, including the E.U.’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). In addition, she assists clients in preparing for and responding to cybersecurity threats, including designing data breach tabletop exercises, managing data breach response, and defending privacy and data breach litigation. Jessica also represents clients in related regulatory investigations. She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US).
On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued guidance indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices.
Beginning in April 2022, banking organizations and bank service providers will be subject to the shortest regulatory breach notification reporting time frame of any law to date – 36 hours.
On Oct. 27, 2021, the Federal Trade Commission (FTC) amended its Standards for Safeguarding Customer Information (the “Safeguards Rule”), promulgated under the Gramm-Leach-Bliley Act (GLBA).
This GT Alert covers the following: