FTC Proposes Finance Sector Encrypt Personal Data
After a 3-2 vote, the Federal Trade Commission (FTC) is moving forward with a rule that will expand financial safeguarding protocols that fall under the Gramm-Leach-Bliley Act of 1999. The rule would require financial institutions based in the U.S. to encrypt the personal data of consumers, as well as implement two-factor authorization for a consumer to access their bank account.
FTC to Finance Sector: Encrypt Personal Data
This two-factor authorization process will require gathering factors such as a password, a code sent to a cellphone, a fingerprint, or facial recognition. It is unclear if this process applies only to online access, or at branch and drive-through access methods as well. In emergency situations, an alternative way to protect consumer data could be taken by these institutions.
“While our original groundbreaking Safeguards Rule from 2003 has served consumers well, the proposed changes are informed by the FTC’s almost 20 years of enforcement experience,” stated Andrew Smith, head of consumer protection at the FTC. “It also shows that, where we have rulemaking authority, we will exercise it as necessary to keep up with marketplace trends and respond to technological developments.”
However, Commissioners Noah Joshua Phillips and Christine S. Wilson criticized the rule, claiming that it “trades flexibility for a more prescriptive approach, potentially handicapping smaller players or newer entrants,” and that regulators should hold off for the result of cybersecurity initiatives being discussed by Congress to see if there is justification for the changes.