Blog

Data Retention Critical to New FTC Regulations

The Federal Trade Commission (FTC) is proposing new cybersecurity requirements to its Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. A central element of both New York State Department of Financial Services (NY DFS) policies and current FTC guidance on reasonable security is data retention.

Overview: The Federal Trade Commission is proposing new cybersecurity requirements to its Gramm-Leach-Bliley Act (GLBA) safeguard rules. A central tenet of New York State Department of Financial Services policies, as well as current FTC guidance on reasonable security, is data retention.

Why is This News Important: Under the proposed rule, financial institutions would need to designate someone within the company as responsible for overseeing the institution’s information security program. Financial institutions would also be required to periodically perform additional risk assessments, regularly test and monitor the effectiveness of its program, and have encryption and multifactor authentication data controls, among a host of other requirements. Data retention is a current guidance from FTC and NY DFS so is predicted to have a stronger presence with these new regulations.

Who This Applies To: Financial Institutions

How Exterro’s Software Helps Tackle These New Regulations: Manually performing data minimization/retention processes can be labor-intensive, especially for smaller financial institutions. But with a combination of structured processes and technology, risks and costs can both be reduced. The world's most trusted and defensible data retention and disposal software solution for meeting FTC and regulatory obligations is Exterro’s Data Retention platform.

‍