FTC Proposes Finance Sector Encrypt Personal Data

by | Mar 8, 2019 | Compliance Blog Posts | 0 comments

After a 3-2 vote, the Federal Trade Commission (FTC) is moving forward with a rule that will expand financial safeguarding protocols that fall under the Gramm-Leach-Bliley Act of 1999.  The rule would require financial institutions based in the U.S. to encrypt the personal data of consumers, as well as implement two-factor authorization for a consumer to access their bank account.

FTC to Finance Sector: Encrypt Personal Data

This two-factor authorization process will require gathering factors such as a password, a code sent to a cellphone, a fingerprint, or facial recognition. It is unclear if this process applies only to online access, or at branch and drive-through access methods as well. In emergency situations, an alternative way to protect consumer data could be taken by these institutions.

“While our original groundbreaking Safeguards Rule from 2003 has served consumers well, the proposed changes are informed by the FTC’s almost 20 years of enforcement experience,” stated Andrew Smith, head of consumer protection at the FTC. “It also shows that, where we have rulemaking authority, we will exercise it as necessary to keep up with marketplace trends and respond to technological developments.”

However, Commissioners Noah Joshua Phillips and Christine S. Wilson criticized the rule, claiming that it “trades flexibility for a more prescriptive approach, potentially handicapping smaller players or newer entrants,” and that regulators should hold off for the result of cybersecurity initiatives being discussed by Congress to see if there is justification for the changes.

Consumer protection is a hot issue in 2019. Protect your organization from the risk of non-compliance.


Submit a Comment

Your email address will not be published. Required fields are marked *

Navigating the state and federal regulatory maze while mitigating risk is becoming more daunting every day for compliance leaders. Especially when dealing with agents in branch offices, reps using personal phones, or independents and BPOs marketing on your behalf. For almost 20 years, Gryphon has protected the largest and most valued brands in banking, insurance, manufacturing and home services from headline risk, brand damage, and costly fines associated with outbound marketing violations. Gryphon provides fully indemnified compliance services for any application, campaign, or any agent at any location, including third parties marketing on your behalf.

Avoid TCPA and DNC fines. Gryphon is the ONLY fully indemnified compliance service that is built for the highest-volume marketing organizations and integrates with any telephone, application or marketing system. Protect your business from TCPA and DNC Risk. The Cost of non-compliance extends far beyond the risk of fines. Since 1998, Gryphon’s highly patented suite of compliance services provides bulletproof compliance and protection from headline risk, brand damage, and costly penalties. Our service is FULLY INDEMNIFIED for compliance with state and federal TCPA laws and DNC regulations.

Our services apply all legal exemptions to those laws to help your business grow, and our experts provide customized consulting and support with expanding regulations. Bullet-proof compliance is only half the equation used to solve TCPA and DNC compliance issues.  Gryphon’s intelligent cloud engine automatically applies legal exemptions (opt-ins) to make sure you are not over-suppressing legal contacts who want to hear from you. Gryphon’s Secure Cloud engine unlocks your largest marketable universe to maximize your outreach and protect every opportunity.


 gryphon marketing compliance icon protect every opportunity
Share This