FTC Tightens Data Privacy Regulations for Non-Banking Financial Institutions

The Federal Trade Commission (FTC) has recently approved an amendment to the Safeguards Rule, which falls under the Gramm-Leach-Bliley Act. The amendment creates a new data privacy reporting requirement specifically for non-banking financial institutions, resulting in more stringent data safety measures, as reported by JD Supra.

Going forward, covered entities, meaning those directly subject to the new requirement, will have to notify the FTC within 30 days of discovering a “notification event”. One key instance of this is the unauthorized acquisition of unencrypted customer information involving 500 or more consumers.

Brought into effect by Constangy, Brooks, Smith & Prophete, LLP, this new amendment is likely to have a significant impact on the landscape of legal rules governing non-banking entities and their duty towards consumer data privacy.

Given the increasing threats to data security in the digital age, this amendment might set a new tone for data protection regulation, not just in the non-banking financial sector but across several industries. It also means that covered entities must revisit their standard practices and policies to ensure they comply with the new regulations.

While the details of how these rules will be enforced, and the repercussions of failing to adhere to them, remain to be seen, it is clear that non-banking institutions are stepping into a new era where data security obligations demand a higher degree of responsibility.