Press "Enter" to skip to content

FTC Amends Safeguards Rule; Nonbank Financial Institutions Must Report Data Breaches to the FTC

FTCThe Federal Trade Commission recently announced approval of an amendment to the Gramm-Leach-Bliley Act Safeguards Rule to require nonbank financial institutions to report to the FTC the unauthorized acquisition of unencrypted customer information involving at least 500 consumers (a “notification event”). The amendment becomes effective May 13, 2024.

The amendment also provides:

  • Notification must be made as soon as possible, and no later than 30 days after discovery of the event.
  • Notice must be provided through an online form that will be available on the FTC’s website.
  • The notice will include:
    • the name and contact information of the reporting financial institution;
    • a description of the types of information that were involved in the notification event;
    • if the information is possible to determine, the date or date range of the notification event;
    • the number of consumers affected or potentially affected by the notification event;
    • a general description of the notification event; and
    • whether any law enforcement official provided a written determination that notifying the public of the breach would impede a criminal investigation or cause damage to national security, and a means for the Federal Trade Commission to contact the law enforcement official.

The three remaining FTC commissioners voted unanimously in favor of the amendment.

“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised. The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data,” the Director of the FTC’s Bureau of Consumer Protection said. 

For more information and insight from Maurice Wutscher on data privacy and security laws and how to stay compliant click here.

Photo: Refrina/

Print Friendly, PDF & Email

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, where he provides counsel to businesses and consumer financial services firms nationwide. For many years, he has focused his practice on various aspects of financial services law. As a litigation attorney, he has conducted every aspect of the litigation process, including countless depositions, motion proceedings, bench and jury trials, and appeals in various courts. In addition, he has significant experience as a compliance and transactional attorney, providing strategic, business growth, legislative, compliance and regulatory advice to national corporations and trade associations. For example, he has drafted consumer contracts and disclosures designed to state-specific statutory requirements, and developed “Best Practices” guides and state-by-state compliance grids, for national financial services companies. He also conducted research and crafted a metrics report for a national trade association with analysis designed to counter the claims of advocacy groups. Eric’s experience also includes working for a national corporation as Executive Counsel, Chief Compliance and Ethics Officer, and Director of Legislative Affairs, and as a federal lobbyist and Director of Government and Public Affairs for a national financial services trade association. In the government sector, Eric presided over approximately 6,000 state administrative hearings, served as a staff attorney for the Missouri Senate, and handled litigation in 33 counties as a regional managing attorney. Eric frequently speaks to audiences on topics relevant to the financial services industry including regulatory compliance, data privacy law and related advocacy initiatives. For more information, see

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.