FTC tweaks Safeguards Rule to address data breaches
By 
Kyle Brasseur2023-10-30T14:28:00
Nonbank financial institutions must report certain data breaches to the Federal Trade Commission (FTC) within 30 days of discovery under a new amendment to the agency’s Safeguards Rule.
The update to the rule, announced Friday, applies to cybersecurity incidents where the unencrypted information of at least 500 consumers is acquired without authorization. Covered entities must inform the FTC regarding the types of information accessed, the date range of the event, and the number of individuals affected.
The new requirement is scheduled to take effect 180 days after publication in the Federal Register.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefAdobe: Penalties possible in FTC subscriptions probe
Software company Adobe disclosed it could face “significant monetary costs or penalties” resulting from an ongoing Federal Trade Commission investigation into its disclosure and subscription cancellation practices.
-
News BriefSEC risk alert flags branch office cybersecurity controls
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.
-
News Brief
SEC proposes Reg S-P updates on incident response, breach notifications
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
More from Regulatory Policy
-
ArticleBank of England tightens liquidity requirements for U.K. banks
U.K. banks must reassess how quickly they could monetize their assets in the event of a crisis under new rules proposed by the Bank of England’s regulatory body, the Prudential Regulation Authority. The proposals are the first changes to the liquidity rules since these were updated in the aftermath of ...
-
ArticleEurope’s groundbreaking crypto rules put at risk by delays in implementation
Europe may have taken the lead in attempting to regulate cryptoasset firms before any other major jurisdiction, but a year after the ground-breaking rules came into force, it does not necessarily follow that they are robust or that the industry they are meant to hold accountable is embracing them.
-
ArticleCompliance must focus on corruption as EU and U.K. seek to tackle rising risks
Corruption isn’t something that happens somewhere else, in other countries and committed by other people. Nowhere is corruption-proof, and new rules being introduced in the EU and the U.K. aim to focus compliance officers on the full gamut of risks in all jurisdictions and every sector.