WASHINGTON—Efforts by the Federal Trade Commission's (FTC) to modernize its Safeguards Rule is getting support from NAFCU.
The proposed amendments would amend the FTC's implementation of the Gramm-Leach Bliley Act's (GLBA) safeguards provisions by aligning data security standards for nonbank financial companies more closely with those already established by prudential regulators.
"Although federally insured credit unions are not subject to the FTC's Safeguards Rule, they follow regulations and guidance promulgated by the National Credit Union Administration (NCUA) and the Federal Financial Institutions Examination Council (FFIEC)," wrote Andrew Morris, NAFCU's senior counsel for research and policy, in a letter to the agency. "Given the severity and extent of recent data breaches at financial companies subject to the FTC's jurisdiction and Safeguards Rule, such as Equifax, it is imperative to adopt more comprehensive security requirements."
Recommendations Offered
Morris acknowledged that the proposed incident response plan is an improvement in regard to cyber hygiene, but recommended that the FTC consider additional reporting and notification requirements to "ensure that security breaches can be contained and mitigated as quickly as possible."
"NAFCU considers mandatory reporting and disclosure essential in any federal data security standard and has, for many years, advocated for legislation that would hold merchants and other entities handling financial information accountable for the consequences of data breaches," Morris said.