
Protecting Your Customers’ Data: New FTC Safeguards Rule

Hey there, fellow business owners!

Have you heard about the recent changes to the Safeguards Rule by the U.S. Federal Trade Commission (FTC)? If not, you’re in the right place. We’re here to break it down for you and help you understand why it matters for your business.

What’s the Deal with the Safeguards Rule?

The Safeguards Rule is all about enhancing data security measures to protect customer information and strengthen compliance obligations. And let’s face it, in today’s digital world, data breaches are a real threat that can have severe consequences for your business.

Now, the FTC has made an important amendment to the Safeguards Rule. It’s a game-changer that mandates all non-banking financial institutions (that includes mortgage brokers, motor vehicle dealers, payday lenders, investment firms, insurance companies, peer-to-peer lenders, and asset management firms) to report data breach incidents within 30 days.

Why the change? Well, it’s simple. Companies entrusted with sensitive financial information need to be transparent if that information has been compromised. The FTC’s Director of Bureau for Consumer Protection, Samuel Levine, put it best when he said, “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”

When Do You Need to Report a Breach?

The reporting requirement applies to security incidents that impact 500 or more consumers, especially if unauthorized third parties accessed unencrypted (cleartext) information. So, if you find yourself in this unfortunate situation, it’s crucial to take action and report the breach within the specified timeframe.

Now, here’s the good news. If consumer information is encrypted and the attackers didn’t access the encryption key, you’re in the clear. The notification requirement doesn’t apply in such cases.

What Should You Include in the Breach Report?

When submitting a breach report, you’ll need to provide the following details on the FTC’s online portal:

  • Name and contact information of your institution.
  • Number of consumers impacted and of those potentially affected by the incident.
  • Description of the types of data that have been potentially exposed.
  • Exposure date and, if possible, the duration of the incident.
  • Confirmation of whether law enforcement advised that public disclosure of the breach could obstruct an investigation or threaten national security.

It’s essential to be thorough and provide accurate information to ensure a smooth process.

What Happens After You Report a Breach?

Submitting a data breach report doesn’t automatically imply a violation of the Safeguards Rule, nor does it guarantee an investigation or enforcement action. However, reporting the breach is a responsible and necessary step to protect your customers and maintain their trust in your business.

The new notification requirement will become effective 180 days after publication of the rule in the Federal Register, meaning it should be applicable starting in April 2024.

Reach out to Us for Assistance

At ZZ Servers, we understand the importance of cybersecurity and protecting your customers’ data. We have a team of experts ready to assist you in implementing robust security measures and ensuring compliance with the new FTC Safeguards Rule.

Don’t wait until it’s too late. Contact us today to learn how we can help safeguard your business and maintain the trust of your customers. Together, we can tackle the ever-evolving world of cybersecurity.

For more details on the amendments and their development process based on the feedback the FTC received from stakeholders, you can read this document.