View Rule

The Safeguards Rule, which was issued under the Gramm-Leach-Bliley (GLB) Act, requires each financial institution subject to the FTC's jurisdiction to develop a written information security program to keep customer information secure that is appropriate to its size and complexity, the nature and scope of its activities, and the sensitivity of the customer information at issue. Companies covered by the rule are also responsible for taking steps to ensure that their service providers safeguard customer information in their care. The Commission believes that the rule strikes an appropriate balance between allowing financial institutions flexibility and establishing standards for safeguarding customer information that are consistent with GLB's requirements.

As part of its ongoing systematic review of all rules and guides, on September 7, 2016, the Commission requested public comments on, among other things, the economic impact and benefits of the rule; possible conflict between the rule and State, local, or other Federal laws or regulations; and the effect on the rule of any technological, economic, or other industry changes. 81 FR 61632 (Sept. 7, 2016). The comment period closed on November 7, 2016. On March 5, 2019, the Commission announced a Notice of Proposed Rulemaking (NPRM). 84 FR 13158 (April 4, 2019). The public comment period as extended closed on August 2, 2019. 84 FR 24049 (May 24, 2019). Staff is reviewing approximately 50 comments that were submitted. On March 6, 2020, the Commission announced that a public workshop relating to the April 4, 2019 NPRM would be held on May 13, 2020. 85 FR 13082 (Mar. 6, 2020). However, due to the COVID-19 pandemic, the workshop was postponed until July 13, 2020.

The Commission is considering further action based on the comments received in response to the NPRM and workshop.