Brief

Summary:

The Federal Trade Commission (FTC) has approved an amendment to the Safeguards Rule, requiring non-bank financial institutions to report data breaches and security events to the agency. The amendment aims to increase transparency and accountability among financial institutions, giving them an incentive to protect consumers' data. The rule requires institutions to notify the FTC within 30 days of discovering a breach involving at least 500 consumers, providing information about the incident. This amendment is expected to go into effect 180 days after publication in the Federal Register. The FTC's mission is to promote competition and protect consumers, and this amendment is part of that effort.

Enforcement

We enforce federal competition and consumer protection laws that prevent anticompetitive, deceptive, and unfair business practices.

View Enforcement

,

Search or browse
the Legal Library

Find legal resources and guidance to understand your business responsibilities and comply with the law.

Browse legal resources

,

Take action

,

Competition Matters

,

John Newman & Amy Ritchie, Bureau of Competition

,

,

Policy

We work to advance government policies that protect consumers and promote competition.

View Policy

,

Search or browse
the Legal Library

Find legal resources and guidance to understand your business responsibilities and comply with the law.

Browse legal resources

,

Take action

,

Technology Blog

,

Simon Fondrie-Teitler and Amritha Jayanti

,

,

Advice and Guidance

Learn more about your rights as a consumer and how to spot and avoid scams. Find the resources you need to understand how consumer protection law impacts your business.

,

Take action

,

Consumer Advice

,

Business Guidance

,

Servicemembers:
Your tool for financial readiness

Visit militaryconsumer.gov

,

Get consumer protection basics, plain and simple

Visit consumer.gov

,

Learn how the FTC protects free enterprise and consumers

Visit Competition Counts

,

Looking for competition guidance?

Competition Guidance

,

News and Events

,

,

Thursday, November 2, 2023 – Friday, November 3, 2023

,

Sign up for the latest news

Follow us on social media

         

,

About the FTC

Our mission is protecting consumers and competition by preventing anticompetitive, deceptive, and unfair business practices through law enforcement, advocacy, and education without unduly burdening legitimate business activity.

Learn more about the FTC

,

Looking for legal documents or records? Search the Legal Library instead.

,

Looking for legal documents or records? Search the Legal Library instead.

,

For Release

,

Amendment will require non-bank financial institutions to report when they discover that information affecting 500 or more people has been acquired without authorization

,

,

The Federal Trade Commission has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency.

The FTC’s Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe. In October 2021, the FTC announced it had finalized changes to the Safeguards Rule to strengthen the data security safeguards that financial institutions are required to put in place to protect their customers’ financial information. The FTC also sought comment on a proposed supplemental amendment to the Safeguards Rule that would require financial institutions to report certain data breaches and other security events to the Commission.

“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”   

The amendment announced today requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to which the information pertains. The notice to the FTC must include certain information about the event, such as the number of consumers affected or potentially affected.

The breach notification requirement becomes effective 180 days after publication of the rule in the Federal Register.

The Commission voted 3-0 to publish the notice amending the Safeguards Rule in the Federal Register.

The lead staffers on this matter are David Lincicum and Mark Eichorn in the FTC’s Bureau of Consumer Protection.

,

The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.

,

Office of Public Affairs

,

202-326-2924

Highlights content goes here...

Summary

The Federal Trade Commission (FTC) has approved an amendment to the Safeguards Rule, which requires non-banking financial institutions to report certain data breaches and other security events to the agency. The amendment aims to promote transparency and accountability among financial institutions that handle sensitive customer information.

Under the revised rule, financial institutions must notify the FTC within 30 days of discovering a security breach that affects 500 or more individuals. The notice must include details about the event, such as the number of affected consumers and the types of information compromised. The breach notification requirement will take effect 180 days after publication in the Federal Register.

The FTC’s goal is to ensure that financial institutions prioritize the security and protection of customer information. The agency believes that requiring disclosure of security breaches will incentivize institutions to implement robust data security measures and maintain transparency with their customers.

The Safeguards Rule applies to non-banking financial institutions, including mortgage brokers, motor vehicle dealers, and payday lenders. The revised rule aims to strengthen data security safeguards and prevent unauthorized access to sensitive customer information.

According to Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, “Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised. The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.””

The FTC works to promote competition

Federal Trade Commission

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Login

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
$125 / month OR $1250 / year
Features
Best for: Researchers, Legal professionals, Academics
Enterprise Plan
Contact for Pricing
Features
Best for: Law Firms, Corporations, Government Bodies