Blog

Data Retention Critical to New FTC Regulations

The Federal Trade Commission (FTC) is proposing new cybersecurity requirements to its Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. A central element of both New York State Department of Financial Services (NY DFS) policies and current FTC guidance on reasonable security is data retention.

Overview:
The Federal Trade Commission (FTC) is proposing new cybersecurity requirements to its Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. A central element of both New York State Department of Financial Services (NY DFS) policies and current FTC guidance on reasonable security is data retention.

Why This News Is Important:
Under the proposed rule, financial institutions would be required to designate an individual responsible for overseeing the organization’s information security program. They would also need to conduct periodic risk assessments, regularly test and monitor the effectiveness of their security program, and implement controls such as encryption and multifactor authentication. Data retention, already emphasized in FTC and NY DFS guidance, is expected to play an even more significant role under these new regulations.

Who This Applies To:
Financial institutions

How Exterro’s Software Helps Tackle These New Regulations:
Manually managing data minimization and retention processes can be resource-intensive, particularly for smaller financial institutions. However, combining structured processes with technology can significantly reduce both risk and cost. Exterro’s Data Retention platform provides a scalable and defensible solution to help organizations meet FTC and broader regulatory requirements.

Source:
Law.com – FTC Mirrors New York DFS With Potentially Costly Cybersecurity Proposal

‍