On March 2, 2020, the FTC announced its intention to hold a public workshop “seeking research, testimony, and other input on the proposed changes to the Safeguards Rule (16 CFR Part 314) under the Gramm-Leach-Bliley Act.” This virtual workshop will be online on July 13 from 9:00 – 4:30 p.m. EDT.  The final agenda is online.  The workshop will be webcast on the FTC’s website. You can find additional information about the workshop on the event page.

As noted in an FTC release last week, “the virtual workshop will feature five panel discussions examining such issues as: the costs and benefits of information security programs; how information security programs and practices scale to smaller businesses; continuous monitoring, penetration, and vulnerability testing; accountability, risk management, and governance of information security programs; and encryption and multifactor authentication.”

The speakers at the workshop are noted below:

  • The Costs and Benefits of Information Security Programs: Chris Cronin Partner, HALOCK Security Labs Serge Jorgensen CTO, Sylint Group Pablo Molina AVP and CISO, Drexel University; Faculty Lecturer, Georgetown University Sam Rubin Vice President, Crypsis
  • Information Security Programs and Smaller Businesses: Rocio Baeza CEO, CyberSecurity Base James Crifasi Chief Technical Officer and VP, RedZone Technologies Brian McManamon CEO and President, TECH LOCK Kiersten Todt Managing Director, Cyber Readiness Institute Lee Waters IT Manager, McCloskey Motors
  • Continuous Monitoring, Penetration, and Vulnerability Testing: Thomas Dugas Director of Information Security and CISO, Duquesne University Fredrick Lee Chief Information Security Officer, Gusto Scott Wallace Penetration Tester, Department of Homeland Security Nicholas Weaver Researcher, International Computer Science Institute
  • Encryption and Multifactor Authentication: Matthew Green Associate Professor, John Hopkins University Max Guise Head of Product Security and Security Engineering teams, Square Randy Marchany CISO, Virginia Tech Wendy Nather Head of the Advisory CISO Team at Duo Security (now Cisco)

March 2019, the FTC issued an NPR seeking comment on proposed changes to the Safeguards rule. CDIA filed a comment in connection with that process.

In connection with the March 2, 2020 FTC workshop notice, FTC Commissioners Rohit Chopra and Rebecca Kelly Slaughter issued one Statement Regarding Data Security and the Safeguards Rule (March 2, 2020) and FTC Commissioners Christine S. Wilson and Noah Joshua Phillips issued their own Concurring Statement (Feb. 28).