PSCU - Credit Union Tracker - September/October 2023 Banner

FTC to Require Non-Banking Financial Institutions to Report Data Breaches

The Federal Trade Commission (FTC) will require non-banking financial institutions to report certain data security breaches.

In a unanimous decision, the regulator has approved an amendment to the Safeguards Rule, requiring non-banking financial institutions like mortgage brokers, motor vehicle dealers and payday lenders to report data security breaches affecting the information of 500 or more people, the FTC said in a Friday (Oct. 27) press release.

The Safeguards Rule already requires non-banking financial institutions to take steps to safeguard their customers’ information, according to the release.

In October 2021, the FTC sought comment on a proposed amendment to require these financial institutions to report certain data breaches and other security events, the release said.

The amendment announced Friday requires financial institutions to report security breaches involving the information of at least 500 customers within 30 days of discovering it, per the release. They will be required to notify the FTC if unencrypted customer information has been acquired without authorization of the customer and to specify the number of customers affected or potentially affected, along with other information.

This requirement will become effective 180 days after the publication of the rule in the Federal Register, according to the release.

“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in the release. “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”

PYMNTS Intelligence has found that 65% of eCommerce customers say that experiencing even a single data security breach would prompt them to leave a merchant for good.

The more time consumers spend shopping online, the more concerned they are about the security of their personal and transactional data online, according to the “Securing eCommerce Study,” a PYMNTS and NuData collaboration based on a survey of 2,368 U.S. consumers.

The report found that 48% of all eCommerce shoppers are more worried about fraud and data theft now than they were before the pandemic began. Among those who are shopping online now more than before, 57% said they are now more concerned about data security.