Another Safeguards Rule Requirement: FTC Requires Covered Entities to Report a Breach Within 30 Days

Only months after the final compliance deadline to the amended Safeguards Rule, the Federal Trade Commission (FTC) has once again updated the rule to require that covered entities report certain breaches to the FTC. “Covered entities” include non-banking financial institutions such as mortgage lenders and brokers, finance companies, account servicers, collection agencies and financial advisers. 

Effective 180 days after publication of the rule in the Federal Register, covered entities will need to report any breach that results in the unauthorized acquisition of unencrypted information involving more than 500 consumers to the FTC no later than 30 days after discovery. The report notice must be made electronically on the FTC’s website, and it must include a description of the types of information involved: the date or date range of the event; the number of consumers affected, and a general description of the event.

If you have questions regarding the new reporting requirements or other requirements under the Safeguards Rule, please contact Jordan Jozwik or your Reinhart attorney.