Require
• Implementation of certain technical changes/tools
• Required policy changes/updates
• Written reports and documentation
• Training requirements
Clarify that "customer record" is viewed very broadly
• Not just SSN or CC#
• Not even just N PPI
Does not change liability per se, still no private right of action, but:
- Enforcement penalties -($46, 517 /violation)
- U OAP violation as basis for state claims
Increased obligations re Third Parties
- Increased obligations internal systems and re Third Parties