The Federal Trade Commission (“FTC”) is holding its public workshop today on the proposed changes to the Gramm-Leach-Bliley Act of 1999’s Safeguards Rule (“Safeguards Rule”). For background, the Safeguards Rule requires financial institutions, and potentially affiliates and/or service providers, to keep customer information secure. The FTC has stated it seeks to modify the Safeguards Rule to “add more detailed requirements for what should be included in the comprehensive information security program[.]” As we previously discussed, the proposed changes would require financial institutions to: (1) encrypt all customer data; (2) implement access controls to prevent unauthorized users from accessing customer information; (3) user multifactor authentication to access customer data; and (4) submit periodic reports to their board of directors. While modifying the Safeguards Rule has been in discussion for several years now, dating as early as 2016, the FTC continues to move forward with its plans, as evidenced by the workshop.

The workshop will reflect the comments submitted by the public in the last few months relating to price models for specific elements of security programs; standards of security in other industries; the availability of security services aimed at different institutions; information about security testing; and costs of and potential alternatives to encryption and/or multifactor authentication. The workshop will focus and seek public input on the FTC’s proposed changes—organized into five panel discussions, titled:

  1. The Costs and Benefits of Information Security Programs;
  2. Information Security Programs and Smaller Businesses;
  3. Continuous Monitoring, Penetration, and Vulnerability Testing;
  4. Accountability, Risk Management, and Governance of Information Security; and
  5. Encryption and Multifactor Authentication.

For those interested in attending the virtual workshop, click here. The event is scheduled from 9 a.m. – 4:30 p.m. ET. For those unable to participate in the virtual workshop, you can follow along by checking out the live tweets from the FTC’s Twitter page (@FTC). Also, share your thoughts with your networks via Twitter by using the hashtag #SafeguardsFTC. Troutman Pepper will monitor discussions surrounding today’s workshop, and we will provide our thoughts later this week; stay tuned to learn more.