FTC data breach reporting requirement overview:
- Who: The Federal Trade Commission has amended its financial data security rule called the Standards for Safeguarding Customer Information — or “Safeguards Rule.”
- Why: Under the amendment, non-bank financial institutions such as payday lenders, mortgage brokers and motor vehicle dealers will be required to report to the FTC any data breaches or security incidents in which the data of at least 500 consumers was acquired without authorization.
- Where: The Safeguards Rule was put in place to help protect consumers nationwide.
The Federal Trade Commission (FTC) will now be requiring non-bank financial institutions to report data breaches and security incidents to the commission in the event the data of at least 500 consumers has been acquired without authorization.
The amendment was applied to the FTC’s Standards for Safeguarding Customer Information — or “Safeguards Rule,” for short — and impacts non-bank financial institutions including payday lenders, mortgage brokers and motor vehicle dealers.
The non-bank financial institutions will be required to notify the FTC about the aforementioned security incidents and data breaches as soon as possible, and no later than 30 days after they are discovered.
“The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in a statement.
Non-bank financial institutions were already obligated under the agency’s Safeguards Rule to develop, implement, and maintain a “comprehensive security program to keep their customers’ information safe,” according to the agency.
FTC votes 3-0 to publish notice amending Safeguards Rule in the Federal Register
The commission voted 3-0 to publish the notice amending the Safeguards Rule in the Federal Register, with the amendment set to go into effect 180 days after publishing.
“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” Levine said.
The FTC previously announced in October 2021 that it had finalized changes to its Safeguards Rule that it said strengthened data security safeguards required to be put in place by financial institutions to protect the financial information of their customers.
The agency had also sought comment at that time on a proposed supplemental amendment to the Safeguards Rule that would require financial institutions to report to the commission certain data breaches and security incidents.
Software company Bitdefender revealed in an April report that, within the past year, the majority of security professionals working for US organizations were told not to disclose data breaches that had occurred, despite having an obligation to do so.
What do you think about the FTC’s amendment to its Safeguards Rule? Let us know in the comments!
8 thoughts on FTC to require more entities to report data breaches
add me
Filed many FTC reports, no updates, and always the same result: nothing. Almost feeling like they're not even reporting the identity theft. It’s really made my credit score drop a whole lot. What a nightmare, please help me. Thanks
Add My Name
Mr Cooper exposed my personal data
My identity was stolen back in 2014 and has been a nightmare. I have to keep a file updated with the FTC every 30 days, even if nothing has changed. If something changes the FTC only has room for a person to report so many instances of identity theft. You must erase previous instances. I receive notices all the time that my information was used for a payday loan, credit card, security breach, etc. I follow up on each one even though everything is locked, just in case. Companies are going to keep getting away with lax security by just sending a letter and offering free credit monitoring. I think everyone in the United States has free credit monitoring. Congress needs to act and add more punitive damages to companies
Add me please
I have been warned that my information has been breached very often, sometimes one or two times per week. This is such a way of modern life that I just assume that legitimate businesses are the only ones that DON’T have my information. This has been so since Google lost my information first in the early 2000s. What with businesses clearly stating in the fine print that they will share our info with their “trusted partners,” only we are told trust nobody with the info. Oxymoronish if you ask me, besides which you still “can’t put spilled milk back into the bottle”. 1000+ data breaches later, and the leaks still have yet to be plugged. 300-500 scam emails a day are testament to that.
Add me