Amendment will require non-bank financial institutions to report when they discover that information affecting 500 or more people has been acquired without authorization.
The Federal Trade Commission has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency.
The FTC’s Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe. In October 2021, the FTC announced it had finalized changes to the Safeguards Rule to strengthen the data security safeguards that financial institutions are required to put in place to protect their customers’ financial information. The FTC also sought comment on a proposed supplemental amendment to the Safeguards Rule that would require financial institutions to report certain data breaches and other security events to the Commission.