This week, the FTC issued a consent order against mortgage lender James B. Nutter & Company for violations of GLBA resulting from the company’s lack of an adequate information security program and safeguards.
This consent order, like similar orders issued by the FTC of late, provides a blueprint for executives and compliance officers: failing to implement reasonable information security and privacy programs has direct consequences. The FTC order requires, among other things, that James B. Nutter & Company implement a comprehensive security program and engage a third-party professional to perform an initial assessment of that program, followed by biennial assessments for 10 years. Compliance with an FTC consent order is more costly than establishing a compliance program from the start.
Links:
The FTC announcement
The FTC complaint
The Agreement and Consent Order