| BLOG
FTC Amends Safeguards Rule to Expand Notification Requirements for Data Breaches and Information Security Events

On October 27, 2023, the Federal Trade Commission (FTC) announced sweeping amendments to its Safeguards Rule. Now non-banking financial institutions will be required to report information security breaches and related events. This includes entities such as mortgage brokers, accountants, investment advisers, car dealers, and payday lenders, all of whom hold significant consumer personal financial information.

All such entities will now be required to develop and maintain a comprehensive information security program to keep customer data secure. Further, covered entities must report breaches to the FTC no later than 30 days after discovering a security breach that involves unauthorized acquisition of unencrypted data of 500 or more consumers. This notification must disclose not only the exact number of consumers affected but also the number who may potentially be affected.

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, noted that “Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised…. The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”  

The FTC developed the original 2003 Safeguards Rule to strengthen data security safeguards that financial institutions must put in place to protect their customers’ financial information. The Rule is based on the 1999 Gramm-Leach-Bliley Act, which required certain financial institutions (mainly banks) to meet defined data security requirements to protect the institutions’ sensitive information and consumer data. This amended breach notification requirement becomes effective 180 days after it’s published in the Federal Register.

  • Glenn E. Davis
    Partner

    Experience matters. For over 40 years, Glenn Davis’ unwavering commitment to clients has been the delivery of creative and efficient results in dynamic business disputes and cybersecurity challenges. His mission is to provide ...

Search Blog

Categories

Archives

Contact

Kerri Forsythe
618.307.1150
Email

Jump to Page

HeplerBroom LLC Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek