“On October 27, 2023, the Federal Trade Commission (FTC) announced an amendment in the Safeguard Rule of the Gramm-Leach-Bliley Act (GLBA). The modification brings in a requirement for non-bank financial institutions to report specific data breaches and other security events to the agency”. The following report provides an overview of the rule change and its implications on the industry.
The FTC’s Safeguards Rule requires financial institutions to have measures in place to ensure customer information’s safety. Originally, this rule applied to banking organizations, but with the new amendment, the scope has been extended to cover non-banking institutions. This significant development implies that non-bank entities, including mortgage lenders, payday lenders, finance companies, check cashers, professional tax preparers, and certain debt collectors will have to adhere to these safeguards.
According to the amendment details, these non-banking institutions not only need to implement security measures to protect their customer data, but also are obligated to report any breaches or security events promptly to the FTC. This reporting requirement introduces a new level of transparency, holding these firms more accountable for the data they hold and their efforts towards protecting it.
While such steps might come across as an additional responsibility for non-banking financial institutions, the change undoubtedly moves towards better trade practices and data management. It builds increased trust among consumers while pushing the sector to innovate their security measures.
For a more detailed account of the FTC’s amendment, click here. Legal professionals in the financial sector, especially those in non-banking institutions, should familiarize themselves with the new policies to ensure full compliance and optimize their institution’s response to any potential data breaches.