On October 27, 2023, the Federal Trade Commission (FTC) announced an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This change will now mandate a broad spectrum of nonbank financial institutions to report the unauthorized acquisition of unencrypted, personally identifiable, nonpublic financial information pertaining to more than 500 customers to the FTC. Perkins Coie indicates that this newly-imposed notification responsibility will present a considerable shift for financial institutions that are under the FTC’s Safeguards Rule.
For these institutions, this implies an added layer of reporting stipulation to navigate, particularly in the event of a data breach. These notifications serve as an increased preventative measure in financial institutions’ security systems. Ensuring that instances of unauthorized data acquisition do not go unnoticed enables a prompt course of action, ultimately minimizing potential damage.
The goal of the GLBA is to provide consumers with privacy protections for their financial information. Therefore, the amendment to include enhanced reporting obligations serves to fortify these protections. This move is indicative of regulators’ intention to increase the level of security surrounding customers’ financial data and is part of larger trend of increasing data security measures worldwide. However, it is crucial for businesses to ensure they are compliant with these new obligations to avoid falling foul of the FTC regulations.
Providers of consumer financial products or services who are uncertain about whether they fall within the purview of this rule and are obliged to bring any data breaches to the attention of the FTC, should seek professional advice. Ensuring that you are in compliance with these rules is not only within the law, but it demonstrates to your customers that you are serious about the protection and safeguard of their financial information.