Updating the Safeguards Rule, but not for federally-insured credit unions

September 4, 2019 by Elizabeth M. Young LaBerge, NAFCU Compliance Blog

Earlier this year, the Federal Trade Commission (FTC) issued a proposed rule updating and enhancing its implementing regulations for the Gramm-Leach-Bliley Act (GLBA)’s Safeguards Rule. NAFCU has written of its support for the proposal. Several credit union compliance officers have asked about the proposal and its applicability to credit unions. The short story is that the update does not apply to federally-insured credit unions. The long story, including why this matters to credit unions, is below.

Which Safeguards Rule?

The Safeguards Rule is one of two central privacy provisions of the GLBA (the other being the Financial Privacy Rule which requires disclosure of a credit union’s privacy policy). The text of the Safeguards Rule can be found at 15 USC §6801(b) and is only 105 words long. It states that the enforcement agencies listed under section 6805(a) (except the CFPB) must establish “appropriate safeguards” for the protection of customer records and information for the financial institutions under their jurisdiction.

Section 6805(a)(2) indicates that for federally-insured credit unions, that enforcement agency would be NCUA. NCUA established those implementing regulations at Part 748 of its rules and regulations. Part 748 is not being amended or updated by NCUA at this time.

Updating the Safeguards Rule, but not for federally-insured credit unions

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!