FTC tweaks Safeguards Rule to address data breaches
By 
Kyle Brasseur2023-10-30T14:28:00
Nonbank financial institutions must report certain data breaches to the Federal Trade Commission (FTC) within 30 days of discovery under a new amendment to the agency’s Safeguards Rule.
The update to the rule, announced Friday, applies to cybersecurity incidents where the unencrypted information of at least 500 consumers is acquired without authorization. Covered entities must inform the FTC regarding the types of information accessed, the date range of the event, and the number of individuals affected.
The new requirement is scheduled to take effect 180 days after publication in the Federal Register.
Related articles
-
News BriefAdobe: Penalties possible in FTC subscriptions probe
Software company Adobe disclosed it could face “significant monetary costs or penalties” resulting from an ongoing Federal Trade Commission investigation into its disclosure and subscription cancellation practices.
-
News BriefSEC risk alert flags branch office cybersecurity controls
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.
-
News Brief
SEC proposes Reg S-P updates on incident response, breach notifications
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
More from Regulatory Policy
-
PremiumEU moves to simplify GDPR and AI Act obligations, raising compliance questions for companies
For the past decade, Europe has led in creating strong but flexible rules for data use and safe AI development. The EU’s new plans to simplify key data privacy and AI governance measures have received a mixed response.
-
News BriefSEC exam priorities for 2026 signal heightened focus on firmwide compliance
The U.S. Securities and Exchange Commission’s (SEC) Division of Examinations released its 2026 examination priorities, which give companies a roadmap of areas of heightened risk and regulatory focus for next year.
-
ArticlePharma sector boom puts pressure on compliance to counter financial crime
Regulation is a matter of life and death in the pharmaceutical industry. Rules to combat practices that can kill have been in force for decades, but tech developments are rapidly creating new risks and focusing lawmakers’ attention on areas where some compliance teams may lack experience.