FTC requires nonbank financial institutions to report data breaches

Nonbank financial institutions, including mortgage brokers, motor vehicle dealers and payday lenders, must report certain data breaches and other security events to the Federal Trade Commission (FTC).

According to an amendment to the Commission’s Safeguards Rule announced Friday, these companies must notify the FTC as soon as possible and no later than 30 days after the data breach.

However, the obligation applies only when the event affected at least 500 customers and unencrypted information was acquired without the customers’ authorization.

“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement. 

The possibility of requiring notification of data breaches and other security events has been discussed since October 2021, when the FTC sought comment on a proposed supplemental amendment to the Safeguards Rule. 

At that time, the FTC proposed to require financial institutions to notify it electronically of any security event that resulted or was likely to result in the misuse of customer information affecting at least 1,000 consumers. The FTC received 14 comments from industry groups, consumer advocates and individual consumers, among others.

Supporters said the data breach notice would enable the FTC to more easily enforce the rule that requires financial institutions to maintain a comprehensive security program to keep their customers’ information safe. 

Meanwhile, opponents argued that it duplicates state breach notification laws and that the FTC could access and review regulated entities’ reports to consumers and state authorities. 

In response, the FTC said that this indirect method would require diverting resources from enforcement to search for and collect information about breaches. 

“Receipt of these notices will enable the commission to monitor for emerging data security threats affecting financial institutions and to facilitate prompt investigative response to major security breaches,” the FTC wrote in its final rule.

The Commission voted 3-0 to publish the notice amending the Safeguards Rule in the Federal Register – and the amendments are effective 180 days after publication.


Originally posted on: https://www.housingwire.com/articles/ftc-requires-nonbank-financial-institutions-to-report-data-breaches/