The Federal Trade Commission will require non-banking financial institutions to report data breaches and other events related to cybersecurity, the agency announced Friday.
The amendment to the FTC’s Safeguards Rule would require non-banking financial institutions like mortgage brokers, motor vehicle dealers and payday lenders to notify the commission as soon as possible, and no later than 30 days, after the discovery of a breach affecting 500 consumers or more.
The FTC should be notified when unencrypted customer information has been obtained without their authorization, the agency said. The notice to the agency must include information about the breach, including the number of consumers affected and those at risk.
