The Federal Trade Commission recently announced approval of an amendment to the federal Gramm-Leach-Bliley Act Safeguards Rule to require nonbank financial institutions to report to the FTC the unauthorized acquisition of unencrypted customer information involving at least 500 consumers (a "notification event"). The amendment becomes effective May 13, 2024.
A copy of the Final Rule is available at: Link to Final Rule
The amendment also provides:
- Notification must be made as soon as possible, and no later than 30 days after discovery of the event.
- Notice must be provided through an online form that will be available on the FTC's website.
- The notice will include:
+ the name and contact information of the reporting financial institution;
+ a description of the types of information that were involved in the notification event;
+ if the information is possible to determine, the date or date range of the notification event;
+ the number of consumers affected or potentially affected by the notification event;
+ a general description of the notification event; and
+ whether any law enforcement official provided a written determination that notifying the public of the breach would impede a criminal investigation or cause damage to national security, and a means for the Federal Trade Commission to contact the law enforcement official.
The three remaining FTC commissioners voted unanimously in favor of the amendment.
"Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised. The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers' data," the Director of the FTC's Bureau of Consumer Protection said.
Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct: (312) 551-9320
Fax: (312) 284-4751
Mobile: (312) 493-0874
Admitted to practice law in Illinois
Alabama | California | Florida | Illinois | Massachusetts | New Jersey | New York | Ohio | Pennsylvania | Tennessee | Texas | Washington, DC
NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.
Our updates and webinar presentations are available on the internet, in searchable format, at: