The FTC’s recently updated rule implementing GLB standards for safeguarding customer information replaces the flexibility previously given to financial institutions in developing an information security program with new prescriptive requirements. Our discussion topics include what these new requirements mean for specific aspects of such programs, assigning employee responsibility, conducting risk assessments, installing access controls, using encryption, and who is covered by the rule. We also offer suggestions for what issues financial institutions should consider in preparing to implement the new requirements and our expectations for enforcement.

Alan Kaplinsky, Ballard Spahr Senior Counsel, hosts the conversation, joined by Kim Phan, a partner in the firm’s Consumer Financial Services Group, and Doris Yuen, an associate in the Group.