As the Federal Trade Commission considers making changes to its existing standards for safeguarding customer information, ABA last week joined two other industry groups in a comment letter urging the commission to harmonize the changes with existing data protection rules. The association called on FTC to ensure that the updated rule—which would expand the requirements for companies under the FTC’s jurisdiction that collect and share customer data—aligns with FFIEC interagency guidelines, IT examination handbook and other supplementary guidance.
“Such harmonization will optimize cyber professionals’ time on frontline defense versus reconciling another topically similar, but semantically different regulatory regime, increase consumer understanding concerning the protection requirements for their data, and ultimately result in greater security across the entire ecosystem,” the groups wrote.
The associations also urged the FTC to map the revised rule to the FSSCC Cybersecurity Profile, rather than using the New York Department of Financial Services’ cybersecurity regulations and the NAIC model law as a baseline.
