FTC Staff to Offer Safeguards Rule Training

The Federal Trade Commission has announced that its staff will offer a training program for financial institutions that are subject to its Safeguards Rule. That Rule implements the safeguards provisions of the Gramm-Leach-Bliley Act (GLB Act), which require that the Commission and certain other federal agencies establish standards for financial institutions relating to administrative, technical, and physical safeguards for customer information. Such "financial institutions" include companies that engage in a very broad range of "financial activities," including: brokering or servicing any type of consumer loans; transferring or safeguarding money; preparing individual tax returns; providing financial advice or credit counseling; providing residential real estate settlement services; collecting consumer debts; and an array of other activities. A list of the financial activities that trigger the Rule can be found on the financial privacy page of the FTC's Web site, www.ftc.gov. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions - such as credit reporting agencies - that receive customer information from other financial institutions.

The Rule, which takes effect on May 23, 2003, requires financial institutions over which the FTC has jurisdiction to develop, implement, and maintain a written information security program that contains comprehensive administrative, technical, and physical safeguards. As part of its program, each financial institution must:

• Designate an employee or employees to coordinate its information security program;
• Identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of information, and assess the sufficiency of any safeguards in place to control the risks;
• Design and implement safeguards to control reasonably foreseeable risks, and monitor the effectiveness of these safeguards;
• Take reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for customer information and require them, by contract, to implement and maintain such safeguards; and
• Adjust the information security program in light of developments that may materially affect the entity's safeguards.

The training program will be offered on two dates: June 9, from 10-11 a.m., and June 23, from 2-3 p.m. Both sessions will be held in Washington, DC, at 601 NJ Avenue N.W, in the Conference Center Room A on the first floor. The sessions are open to the public, and there is no advance registration. Interested parties who cannot attend are encouraged to participate by telephone; instructions on how to dial in will be posted on the FTC's website at www.ftc.gov one day in advance of each presentation. For more information on the Safeguards Training program, please contact Laura Berger or Ellen Finn at (202) 326-3224.

Media Contact:

FTC Office of Public Affairs
202-326-2180