US government orders financial firms to report data breaches in less than 30 days
All non-banking financial institutions in the United States will soon have 30 days to report a data breach, something that apparently they weren’t obliged to do before, under new regulations from the US Federal Trade Commission (FTC).
The FTC recently amended its Safeguards Rules to include non-banking financial institutions such as mortgage brokers, investment firms, peer-to-peer lenders, and similar.
In a press release, the Commission noted it voted 3-0 to publish the notice amending the Safeguards Rule in the Federal Register. As per the amendments, any incident that affects at least 500 consumers – and especially incidents in which cleartext information was involved – needs to be reported.
Starting April 2024
“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” said FTC’s Director of Bureau for Consumer Protection, Samuel Levine. “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”
Incidents where encrypted data is stolen are exempt from the rules (unless the attackers stole the encryption key, too).
When submitting the notice, the companies need to detail the name and contact information of the reporting institution, the number of impacted consumers and of those potentially affected, the description of the types of data that have been potentially exposed, the exposure date, and, if possible to determine, the duration of the incident, confirmation if the police advised not to report the incident, BleepingComputer reported.
If the police asked the company to keep quiet so as not to affect the investigation, they’re allowed a 60-day delay, it was added.
This new requirement will come into force 180 days after being published in the Federal Register, meaning it will kick off in April 2024.
The FTC added that submitting a data breach doesn’t imply a violation of the Safeguards Rule or an investigation or enforcement action.
More from TechRadar Pro
All non-banking financial institutions in the United States will soon have 30 days to report a data breach, something that apparently they weren’t obliged to do before, under new regulations from the US Federal Trade Commission (FTC). The FTC recently amended its Safeguards Rules to include non-banking financial institutions such…
Recent Posts
- Dave Eggers told OpenAI staff that ChatGPT was ‘silencing an entire generation’
- France doubles down on restricting access to Polymarket
- Apple has banned home service content on upcoming Maps ads
- Google might not kneecap the Pixel 11a with an old processor
- How to watch France vs England: Free Streams, TV Channels & Kick-Off time for FIFA World Cup 2026 third place play-off
Archives
- July 2026
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023