Guest Commentary


By Jeff Schultz, Romaine Marshall and Casey Waughn, Armstrong Teasdale


FTC Expands the Safeguards Rule, Anticipates ‘Technological Shifts’


Since 2010, the Federal Trade Commission has resolved more than 50 cases involving alleged cybersecurity incidents and data privacy violations. In 12 of these cases, the FTC targeted directors and officers, in addition to their organizations. In short, the FTC has been an active enforcer of consumer rights per Section 5 of the FTC Act, which prohibits unfair and deceptive practices.


But 2019 was a year like no other for the FTC. In the span of two days, July 22-24, the FTC announced a $700 million settlement with Equifax for a data breach and a $5 billion civil penalty against Facebook for violating consumers’ privacy. In comparison, the subsequent two years were relatively quiet. Now, within the last few months, the FTC has again reaffirmed its status as a key cybersecurity enforcer.


THE ‘UPDATE’ ERA BEGINS

On Oct. 1, the FTC’s new Chair Lina Khan declared: “Policing data privacy and security is now a mainstay of the FTC’s work” and “we must update our approach to keep pace with new learning and technological shifts.” On Oct. 27, the FTC updated the Safeguards Rule, something it hadn’t done since 2002. The rule requires financial institutions to implement measures that keep customer information secure. In addition to developing their own safeguards, companies covered by the rule are responsible for taking steps to ensure that their affiliates and service providers also safeguard customer information in their care.


20 mobankers.com


Notably, the definition of “financial institution” includes many businesses that may not normally describe themselves that way. In fact, the rule applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services. This includes, for example, check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, courier services and even ATM providers who receive customer information.


WHAT THE RULE MODIFIES

Generally speaking, the rule outlines five modifications to the previous Safeguards Rule.

1. more detailed guidance on how to develop and implement Written Information Security Programs

2. added provisions designed to improve the accountability of WISPs


3. exemption of some financial institutions that collect less customer information


4. expansion of the definition of financial institutions to include “finders” — companies that bring together buyers and sellers of a product or service covered by the rule


5. provision of defined terms and related examples


KEY TAKEAWAYS FOR ‘FINANCIAL INSTITUTIONS’

The rule further supports the common threads that have emerged from the patchwork of legal, regulatory and industry

