United States of America: Partial implementation of Standards for Safeguarding Customer Information Rule

On 10 January 2022, the amended Standards for Safeguarding Customer Information Rule is partially implemented. In particular, sections 16 CFR 314.1, 314.2 and 324.3 enter into force. The amended Rule expands the entities subject to the new requirements, defining the "financial institution" as entities that engage in any activity that is considered to be financial in nature. Under the amended Rule, entities such as mortgage brokers, payday lenders and motor vehicle dealers are required to implement security systems to ensure the protection of the customer data. In particular, the amended Rule requires financial institutions to develop a comprehensive preventive and detective security system and appoint a responsible employee to implement the required security measures. The reporting requirements and compliance of the security system with the technical security standards, outlined in section 314.4, enter into force on 9 June 2023, following the FTC decision to postpone the implementation from from 9 December 2022.