The amendment will require non-bank financial institutions to report data breaches affecting 500 or more people.
10/27/2023 1:30 P.M.
The Federal Trade Commission will require non-banking institutions to report certain data breaches and other security events under an amendment to the Safeguards Rule announced Friday.
The Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information, according to the FTC. The rule defines customer information to mean “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.”
The FTC initially announced it had finalized changes to the Safeguards Rule in October 2021, and compliance was required by July 2023.
“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection, in the news release. “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”
The amendment requires financial institutions to inform the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers.
This type of data breach requires notification to the FTC if unencrypted customer data has been acquired without the customers' authorization. The notice to the FTC must include certain information about the event, such as the number of consumers affected or potentially affected.
The amendment for data breach notifications will take effect 180 days after publication of the rule in the Federal Register.
ACA International was extensively involved in advocacy on the Safeguards Rule on behalf of members and developed an online resource center and education on the rule. ACA’s advocacy also contributed to an extension of the original compliance deadline by six months.
Access the Safeguards Rule Resource Center here for compliance resources and ACA’s education as well as information from ACA’s Safeguards Rule security partner, TPx.
Webinar recordings related to the Safeguards Rule are available at ACA’s Store by selecting the Safeguards Rule topic.
Plus, if you’re a small business in the accounts receivable management (ARM) industry, Collector magazine recently published cybersecurity tips for small and medium-sized businesses. In the article, Jonathan Goldberger, senior vice president of TPx, shares tips for avoiding phishing scams, using multifactor identification, protecting yourself against ransomware attacks and more.
More Cybersecurity Insights at Fall Forum
Join us for even more cybersecurity education at the upcoming 2023 Fall Forum, Nov. 8-10 in Chicago, where the “Stay Ahead in the Digital Age: The Changing Face of Cybersecurity in Accounts Receivable Management” session will explore the interplay between cybersecurity and the ARM industry and teach you how to adapt and respond to cyber threats.