On May 13, 2024, the amendment to the Gramm-Leach-Bliley Act Safeguards Rule went into effect requiring nonbank financial institutions to report to the FTC any unauthorized acquisition of unencrypted customer information involving at least 500 consumers.
The amendment requires that notification be made as soon as possible, and no later than 30 days after discovery of the event. Notice must be provided through an online form available on the FTC’s website that requests specific information regarding the event.
For more information, please see RMAI’s Member Alert from November 13, 2023, and the FTC’s recent blog.
RMAI encourages its members to share this member alert with their legal, operations, and compliance personnel.
This Member Alert is intended for members of the Receivables Management Association International, is for informational purposes only, and is in no way intended to provide legal advice. Members are encouraged to consult with an attorney of their choice for legal advice concerning this matter.