Skip to main content

FTC Tightens Data Security Protocols For Nonbank Financial Firms

News Director
Oct 30, 2023

New amendment to the Safeguards Rule mandates prompt reporting of major data breaches, reinforcing protection for consumer information.

To bolster data security measures, the Federal Trade Commission (FTC) has mandated nonbank financial institutions — including mortgage brokers — to report specific data breaches and security incidents.

The amendment to the Safeguards Rule requires firms to alert the FTC promptly following a security breach, ensuring that such a report is filed within 30 days of its discovery. However, this requirement kicks in only if the breach has impacted at least 500 consumers and involves the unauthorized acquisition of unencrypted information.

“Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.”   

The journey to this decision began in October 2021 when the FTC initiated discussions on potential modifications to the Safeguards Rule. Their initial proposal, based on feedback from 14 varied comments, had suggested notifying electronically for security events that possibly jeopardized customer information of at least 1,000 consumers.

While many supported the move, believing it would aid the FTC in upholding data security norms, some opposition emerged. Detractors cited concerns of redundancy with state breach notification laws and proposed that the FTC could gather needed information from already-existing reports to consumers and state regulators.

The FTC pointed out the inefficiencies of such an indirect approach, which would divert crucial resources from primary enforcement activities. 

“Receipt of these notices will enable the commission to monitor for emerging data security threats affecting financial institutions and to facilitate prompt investigative response to major security breaches,” the FTC noted in its concluding rule.

The final decision to implement the change to the Safeguards Rule was unanimous, with a 3-0 vote in favor. The new regulations will be enforceable 180 days after their official listing in the Federal Register.

About the author
Christine Stuart is the news director at NMP.
Published
Oct 30, 2023
Rocket Mortgage Sues HUD Over Regulatory, Enforcement Discrepancies

Rocket seeks dismissal of the DOJ's October lawsuit alleging the lender committed racial appraisal bias.

Dec 05, 2024
West Capital Lending Acquires Locally-Focused Brokerage, Red Tree Mortgage

The 2024 Broker Brawl reaffirmed West Capital's commitment as a relationship-focused lender

Dec 03, 2024
First FICO 10T-Backed MBS Issuance Achieved

Comprised of VA loans, the pool offers proof of concept for changes to be required by the FHFA by late 2025.

Dec 03, 2024
BAC Co-Founder Reveals Mega Brokers May Undergo CFPB Audits

Brendan McKay of BAC revealed the main takeaways in a LinkedIn post

Dec 02, 2024
AnnieMac Data Breach Impacts 171,000 Customers

Letters detailing the Aug. 23 breach were mailed to thousands of affected customers across multiple states last week.

Nov 18, 2024
More Communication, Earlier, Homebuyers Plead

It takes more than just 'fast and fancy' to please mortgage borrowers, according to the latest J.D. Power study

Nov 12, 2024