To strengthen data security protections for consumer financial information following widespread cyberattacks, the FTC recently issued much-anticipated final revisions to the Gramm-Leach-Bliley Act Safeguards Rule (Final Rule), following a 3-2 vote along party lines. The Final Rule represents a significant shift to more prescriptive information security requirements for non-banking financial institutions subject to the rule. With input and advice from partners at Wiley, Cooley and WilmerHale, this article analyzes the Final Rule’s changes and offers practical steps covered financial institutions can take now to comply with the rule’s new requirements, some of which take effect 30 days after publication in the Federal Register. See “Takeaways From Former FTC Officials on the Commission’s 2019 Enforcement: General, Financial and Children’s Privacy” (Apr. 8, 2020).