IT Examiner School, Providence, RI

Information Security Program

CFR Part 314 of the FTC Rules and Regulations – Standards for Safeguarding Customer Information

• This part, which implements sections 501 and 505(b)(2) of the Gramm- Leach-Bliley Act, sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

• This part applies to the handling of customer information by all financial institutions over which the Federal Trade Commission has jurisdiction.

Information Security Program

• GLBA does not specify the categories of financial institutions subject to the FTC’s jurisdiction; rather, section 505(a)(5) vests the Commission with enforcement authority with respect to ‘‘any other financial institution or other person that is not subject to the jurisdiction of any [other] agency or authority [charged with enforcing the statute].’’ • Financial institutions includes lenders, financial advisors, loan brokers and servicers, collection agencies, financial advisors, tax preparers, real estate settlement services, and others that are subject to GLBA.