FTC to Require More Data Breach Reporting, Security Plan

The agency will require a broad range of non-bank financial institutions to report when discovering breaches affecting 500 or more people.

Shane Snider, Senior Writer, InformationWeek

October 30, 2023


The Federal Trade Commission (FTC) on Friday announced that an amendment to its Safeguards Rule would require non-banking financial institutions to report certain data breaches and other security events.

The agency’s Safeguards Rule now requires non-banking financial institutions like mortgage brokers, car dealers, accountants, investment advisers, and payday lenders to develop and maintain a comprehensive security program to keep customer data secure. The amendment strengthens changes made to the Safeguards Rule in 2021.

“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement. “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”

The new amendment requires those companies to report breaches to the FTC no later than 30 days after discovery of a security breach involving data of at least 500 consumers. The companies must also report the exact number of consumers affected or possibly affected.

The requirement becomes effective 180 days after publication of the rule in the Federal Register, the agency noted.

The broadened Safeguards Rule is under the 1999 Gramm-Leach-Bliley Act, which requires certain financial institutions to meet tougher data security requirements to protect consumer data -- as well as the institution’s own sensitive information. The FTC can impose fines on those failing to comply.

About the Author(s)

Shane Snider

Senior Writer, InformationWeek

Shane Snider is a veteran journalist with more than 20 years of industry experience. He started his career as a general assignment reporter and has covered government, business, education, technology and much more. He was a reporter for the Triangle Business Journal, Raleigh News and Observer and most recently a tech reporter for CRN. He was also a top wedding photographer for many years, traveling across the country and around the world. He lives in Raleigh with his wife and two children.
