The U.S. Federal Trade Commission (FTC) has introduced mandatory reporting of data breaches for non-banking financial institutions.
In the event of a data breach involving the plaintext personal information of more than 500 individuals, the incident must be reported to the FTC within 30 days of discovery. Additionally, these institutions are required to disclose the total number of people affected by the breach.
FTC’s Safeguards Rule Expanded
Two years ago, the FTC revised the Safeguards Rule in response to the rising number of data breaches. The rule imposed new security requirements on non-banking financial institutions, such as mortgage lenders and loan providers, aimed at safeguarding customer data. The Safeguards Rule has now been expanded to include mandatory data breach reporting, which will become effective in six months.
Push for Greater Transparency and Consumer Protection
Samuel Levine of the FTC emphasized the need for companies entrusted with sensitive financial information to be transparent when such data is compromised. “The addition of this reporting requirement to the Safeguards Rule should further incentivize companies to protect consumer data,” he said.
The amendment comes as a proactive measure to hold financial institutions accountable and ensure robust data protection mechanisms are in place. It serves as a stern warning that lax security measures will not be tolerated, particularly at a time when cyber threats are growing exponentially in both scale and sophistication.