UNDERSTANDING THE REGULATIONS
FTC UPDATES SAFEGUARD RULES
Under the updated Safeguards Rule, institutions must also explain their information sharing practices, specifically the administrative, technical, and physical safeguards the financial institutions use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customers’ secure information. In addition, financial institutions will be required to designate a single qualified individual to oversee their information security program and report periodically to the organization’s board of directors, or to a senior officer in charge of information security.
FTC also adopted technical changes to its authority under a separate Gramm-Leach Bliley Act rule, which requires financial institutions to inform customers about their information-sharing practices and allow customers to opt out of having their information shared with certain third parties. These changes align the rule with changes made under the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). Under Dodd-Frank, Congress narrowed the FTC’s jurisdiction under that rule to only apply to motor vehicle dealers.
GLBA
The Gramm–Leach–Bliley Act (GLBA) is a US federal law that requires insurance companies to explain their information sharing practices to customers and to protect customers’ sensitive data. It also obliges insurers to track employees’ activities, especially those that relate to accessing protected customer records.
CCPA
The California Consumer Privacy Act (CCPA) controls the collection, use, and sale of personal information of California residents. Insurance companies operating in California are subject to CCPA regulations, which include disclosure obligations and requirements related to consumer privacy rights.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) regulates health data in the US. This act aims to prevent fraud and abuse of personal healthcare data. US insurance providers dealing with medical records are required to protect sensitive data in compliance with HIPAA requirements.
SOX
The Sarbanes–Oxley Act (SOX) aims to make the activity of US insurance organizations more transparent and secure. It also prevents fraudulent actions and protects financial records. To meet SOX requirements, insurance organizations have to document every communication and financial operation.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that guarantee the security of credit card processing. Insurance providers around the world must be PCI DSS compliant as soon as they accept credit cards or store information about them (such as for payment of insurance policy premiums).
GDPR
The General Data Protection Regulation (GDPR) aims to secure the personal information of European Union residents. Insurers that provide services to EU residents must comply with GDPR requirements regardless of where their businesses are registered and where business activity occurs.