AFSA Comments on FTC Safeguards Rule

On Nov. 21, AFSA submitted a letter to the Federal Trade Commission (FTC) regarding the Commission’s Standards for Safeguarding Customer Information, the “Safeguards Rule.” AFSA urged the FTC to keep the flexible guidelines currently in the rule in place. Where appropriate, AFSA encouraged the FTC to provide a safe harbor.

AFSA’s letter stated: “Many AFSA members are federally-chartered banks or thrifts. As such, they already have extensive cybersecurity examinations from either the Office of the Comptroller of the Currency (OCC) or the Federal Reserve. The FTC’s Safeguards Rule and similar rules by the banking agencies are the basis for almost all credit cybersecurity requirements in the United States.” The letter went on to explain, “These requirements should continue to be flexible and consistent. Complying with inconsistent federal information security rules will be wasteful and will divert resources away from genuine risk based information security improvements.”

The FTC’s request for comment on the Safeguards Rule was part of its systemic review of all FTC rules and guides. As such, the FTC may opt not to amend the rule.