Skip to main content

FTC Issues Consent Order for GLBA Violations

In the run-up to the enforcement deadline for the Identity Theft Red Flag Rule (August 1, 2009 - more on that in another post), enforcement of the Gramm-Leach-Bliley Privacy Rule and Safeguards Rule has not been forgotten by the Federal Trade Commission.


This week, the FTC issued a consent order against mortgage lender James B. Nutter & Company for violations of GLBA resulting from the company's lack of an adequate information security program and safeguards.

This consent order, like similar orders issued by the FTC of late, provides a blueprint for executives and compliance officers: there are consequences that directly result from the failures to implement reasonable information security and privacy programs. The FTC order requires, among other things, that James B. Nutter & Company implement a comprehensive security program, and engage a third-party professional to perform an initial assessment of that program, followed by biennial assessments for 10 years. Compliance with an FTC consent order is more costly than establishing a compliance program from the start.


The FTC announcement
The FTC complaint
The Agreement and Consent Order

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.