FTC’s Safeguards Rule notification requirement under GLBA now in effect

Agency Rule-Making & Guidance FTC Privacy, Cyber Risk & Data Security

On May 14, the FTC published a business blog post announcing the Safeguards Rule, an amendment to the GLBA, is in effect as of May 13. The Safeguards Rule applies to financial institutions subject to the FTC’s jurisdiction and aims to protect customers' private personal information through data breach reporting requirements.

Additional revisions to the Rule related to data breach reporting were announced in October 2023, with amendments requiring covered companies to notify the FTC within 30 days of a security breach impacting at least 500 consumers. For reporting, businesses must use a new online form provided by the FTC. The Rule complements existing business security measures and does not negate other state and federal legal obligations. Businesses can refer to FTC guidance for further details on the rule and compliance requirements.