The Federal Trade Commission (FTC) has amended the Safeguards Rule requiring non-banking financial institutions to report data breaches. The FTC’s Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers and payday lenders, to develop, implement and maintain a comprehensive security program to keep their customers’ information safe. 

The amendment requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers.

Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to which the information pertains. The notice to the FTC must include certain information about the event, such as the number of consumers affected or potentially affected.