On October 27, the Federal Trade Commission adopted an amendment to its Safeguard Rules that requires non-banking institutions to report data breaches and security events.

Who's Affected
The new FTC Safeguard Rules apply to non-banking financial institutions, which include Mortgage Brokers, Motor Vehicle Dealers, and Payday Lenders. These entities, like banks and other financial institutions, handle sensitive customer data and are subject to regulatory measures to ensure the security and privacy of this information.

Reporting Requirements: What you need to do
Under the updated rules, businesses falling under this category are required to report data breaches and security incidents. The reporting process involves submitting an incident report through an FTC portal. The information that businesses need to provide includes:

  - Name and contact information of your business;
  - A description of the types of information involved in the incident;
  - If possible, the date or date range of the incident;
  - The number of consumers affected;
  - A general description of the incident;
  - Whether any law enforcement official has provided a determination that notifying the public of the breach would impede a criminal investigation or cause damage to national security, along with a means for the FTC to contact the law enforcement official.

Compliance: Get Prepared
  To maintain compliance with these new rules, businesses in this sector are encouraged to take proactive steps in enhancing their cybersecurity posture:

  - Work with Managed Service Providers (MSPs) or IT professionals to ensure continuous monitoring and robust logging of network activity.
  - Establish and maintain an incident response plan, which includes guidelines for promptly detecting, responding to, and reporting security incidents.
  - Regularly assess and update your cybersecurity measures to address emerging threats and vulnerabilities.
  - Educate employees about data security best practices and implement strong access controls and data encryption.

Managed Service Providers and IT professionals play a critical role in helping businesses in the non-banking financial sector navigate these regulatory changes. They offer expertise in setting up robust security measures, monitoring networks, and ensuring compliance with the new Safeguard Rules. Their experience and support can be invaluable in mitigating security risks.

Data breaches have severe consequences, not only in terms of financial losses but also damage to a business's reputation and trust with customers. Protecting sensitive customer data is not just a regulatory requirement; it's a fundamental aspect of maintaining the integrity and longevity of your business.

Rather than waiting for a breach to occur, businesses are encouraged to take proactive measures to strengthen their cybersecurity defenses. This includes investing in advanced security technologies, conducting regular security assessments, and providing ongoing training and awareness programs for employees. Contact your MSP or IT team today to ensure you are prepared not only for the updated FTC Safeguard Rules but also to respond to any cyber incident you may face.

‍