Nov. 17, 2021

How Financial Institutions Should Strengthen Their Data Security to Comply With FTC’s Updated Safeguards Rule

To strengthen data security protections for consumer financial information following widespread cyberattacks, the FTC recently issued much-anticipated final revisions to the Gramm-Leach-Bliley Act Safeguards Rule (Final Rule) after a 3-2 vote along party lines. The Final Rule represents a significant shift to more prescriptive information security requirements for non-banking financial institutions subject to the rule. With input and advice from partners at Wiley, Cooley and WilmerHale, this article analyzes the Final Rule’s changes and offers practical steps covered financial institutions can take now to comply with the rule’s new requirements, some of which take effect 30 days after publication in the Federal Register. See “Takeaways From Former FTC Officials on the Commission’s 2019 Enforcement: General, Financial and Children’s Privacy” (Apr. 8, 2020).

Data Localization: Cybersecurity Challenges Abound

CISOs point to a catalog of problems emerging as data localization laws continue to spread beyond the 144 measures imposed by 62 countries. Challenges include weakened threat monitoring, fragmented cyber hygiene efforts and internal tensions between privacy, business and cybersecurity teams. This final article in a three-part series on managing data localization laws details consequences for cybersecurity and companies’ possible responses, and includes insight from the chief security officer of Mastercard. Part one explained five varieties of localization laws and surveyed 2021’s enforcement and fines. Part two described several compliance consequences and one international company’s approach to localization. See “Reconciling Data Localization Laws and the Global Flow of Information” (Oct. 11, 2017).

Practical Approaches to Conducting Transfer Impact Assessments Under the GDPR

The rules for cross-border data transfers under the GDPR continue to evolve in the wake of the 2020 E.U. Court of Justice Schrems II decision, which invalidated the Privacy Shield mechanism for transfers between the U.S. and Europe. In this article, we distill insights from senior privacy leaders at Carnival Corporation & plc, Amgen and OneTrust, shared at IAPP’s Privacy.Security.Risk 2021 event, on navigating the shifting landscape and practical approaches for conducting transfer impact assessments given the challenges faced by businesses that must move data across borders on a daily basis. See our two-part series on personal data transfers after Year Zero: “Are the New SCCs a Paradigm Shift?” (Jun. 30, 2021); and “A More Appealing Set of EDPB Recommendations?” (Jul. 14, 2021).

Womble Expands Communications, Technology and Media Communications Team in Boston

E. Barlow Keener has joined Womble Bond Dickinson as senior division counsel on its GCSolutions and communications, technology and media communications teams, where he advises clients on transactional, state, and federal regulatory advocacy and compliance matters.