Amended the Safeguards Rule to require non-banking financial institutions to report data security breaches

The Federal Trade Commission (FTC) has amended the Safeguards Rule to require non-banking financial institutions to report data security breaches. This amendment applies to institutions that discover unauthorized acquisition of information affecting 500 or more people. The Safeguards Rule already requires these institutions to have comprehensive security programs in place. The amendment aims to increase transparency and incentivize companies to protect consumers’ data. Financial institutions must notify the FTC within 30 days of discovering a breach involving at least 500 consumers’ information. The notification should include details about the event. The breach notification requirement will take effect 180 days after publication in the Federal Register. The FTC voted 3-0 to publish the notice amending the Safeguards Rule.

Original Story: https://www.ftc.gov/news-events/news/press-releases/2023/10/ftc-amends-safeguards-rule-require-non-banking-financial-institutions-report-data-security-breaches