Requirements / ff667b1484b0f0fd

This is a normalized obligation summary extracted deterministically from regulatory text. The structured fields below are parsed from the source—not AI-generated summaries.

Mandatory FINAL

Obligation Structure

Actor: provider
Modality: Mandatory
Duty: Safeguarding Customer Information
Conditions: If the data provider is not subject to section 501 of the Gramm-Leach-Bliley Act

Source Text

If the data provider is not subject to section 501 of the Gramm-Leach-Bliley Act, the data provider must apply to its developer interface the information security program required by the Federal Trade Commission's Standards for Safeguarding Customer Information, 16 CFR part 314.

Source Document: 2024-25079

Agency: Consumer Financial Protection Bureau

CFR Parts: 12 CFR 1001, 12 CFR 1033

Requirement Type: other

Lifecycle History

2/11/2026 ADDED — → FINAL 2024-25079

Subscribe to Updates

RSS Feed for this Obligation

Get notified when this obligation is modified in proposed, final, or codified rules.

Stable ID: ff667b1484b0f0fd