The FTC has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency. The Safeguards Rule requires non-banking financial institutions to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.
The amendment requires financial institutions to notify the FTC no later than 30 days after discovery of a security breach involving the information of 500 consumers or more. The rule would apply to certain automobile dealerships.
This requirement becomes effective May 13, 2024.
