August 2, 2019
Via Electronic Submission through https://www.regulations.gov/docket?D=FTC-2019-0019
David Lincicum and Allison M. Lefrak
Division of Privacy and Identity Protection
Bureau of Consumer Protection
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Re: Notice of Proposed Rulemaking – Standards for Safeguarding Customer Information, RIN 3084-AB35 (Safeguards Rule, 16 C.F.R. part 314, Project No. P145407)
Ladies and Gentlemen:
The Bank Policy Institute (BPI) – BITS, the American Bankers Association (ABA), and the Securities Industry and Financial Markets Association (SIFMA) (collectively, the “Associations”)1 appreciate the opportunity to comment on the Federal Trade Commission’s (“FTC”) proposal to amend the Standards for Safeguarding Customer Information (the “Safeguards Rule” or “Rule”).2 We share your commitment to protecting the interests of all Americans by safeguarding their personal information. We agree with the FTC’s view that it is important “to provide financial institutions with the flexibility to shape  information security programs to their particular business and to allow the programs to adapt to changes in technology and threats to the security and integrity of customer information.”3
The Associations also appreciate the FTC’s efforts to clarify the scope of the Safeguards Rule in light of changes to the authority of the Privacy Rule. We also appreciate the FTC’s efforts to coordinate key aspects of its proposed amendments with other agencies’ regulatory provisions, notably, amending the definition of “financial institution” so that it cross-references permissible activities enumerated by the Federal Reserve Board in 12 C.F.R. §§ 225.28 and .86.4
1 Descriptions of the Associations are provided in Annex A of this letter.
2 16 C.F.R. part 314.
3 Safeguards Rule, 84 Fed. Reg. 13,158, 13,159 (proposed Apr. 4, 2019) (to be codified at 16 C.F.R. pt. 314).
4 Lists of permissible non-banking activities for bank holding companies and financial holding companies, respectively.