FTC says financial institutions must disclose data breaches in 30 days

Image via Unsplash

The Federal Trade Commission (FTC) has amended the Safeguards Rule requiring non-banking financial institutions to report data breaches. The FTC’s Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers and payday lenders, to develop, implement and maintain a comprehensive security program to keep their customers’ information safe.

The amendment requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers.

Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to which the information pertains. The notice to the FTC must include certain information about the event, such as the number of consumers affected or potentially affected.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.