Only months after the final compliance deadline to the amended Safeguards Rule, the Federal Trade Commission (FTC) has once again updated the rule to require that covered entities report certain breaches to the FTC. "Covered entities" include non-banking financial institutions such as mortgage lenders and brokers, finance companies, account servicers, collection agencies and financial advisers.
Effective 180 days after publication of the rule in the Federal Register, covered entities will need to report any breach that results in the unauthorized acquisition of unencrypted information involving more than 500 consumers to the FTC no later than 30 days after discovery. The report notice must be made electronically on the FTC's website, and it must include a description of the types of information involved: the date or date range of the event; the number of consumers affected, and a general description of the event.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
