On October 27, 2023, the Federal Trade Commission (FTC) announced approval of an amendment to the Gramm-Leach-Bliley Act Safeguards Rule. The amendment requires nonbank financial institutions to report to the FTC the unauthorized acquisition of unencrypted customer information involving at least 500 consumers (a notification event). The amendment becomes effective May 13, 2024.
The amendment also provides:
– Notification must be made as soon as possible, and no later than 30 days after discovery of the event;
– Notice must be provided through an online form that will be available on the FTC’s website;
– The notice will include:
- the name and contact information of the reporting financial institution;
- a description of the types of information that were involved in the notification event;
- if the information is possible to determine, the date or date range of the notification event;
- the number of consumers affected or potentially affected by the notification event;
- a general description of the notification event; and
- whether any law enforcement official provided a written determination that notifying the public of the breach would impede a criminal investigation or cause damage to national security, and a means for the FTC to contact the law enforcement official.
This Member Alert is intended for members of the Receivables Management Association International, is for informational purposes only, and is in no way intended to provide legal advice. Members are encouraged to consult with an attorney of their choice for legal advice concerning this matter.