FTC Announces Data Breach Reporting Obligation Under GLBA Safeguards Rule

Blogs

November 02, 2023

Perkins on Privacy

FTC Announces Data Breach Reporting Obligation Under GLBA Safeguards Rule

Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act announced on October 27, 2023, the Federal Trade Commission will require a broad range of nonbank financial institutions to notify the FTC of instances of the unauthorized acquisition of unencrypted, personally identifiable, nonpublic financial information of more than 500 customers.

The new notification obligation will be a significant change for financial institutions covered by the FTC's Safeguards Rule, as the universe of reportable incidents is vastly broader than is currently covered by other state or federal requirements, notification must be made quickly, and such reports will generally be made public by the FTC.

Read the full Update here.

Print and share

Authors

Rebecca S. Engrav

Partner

REngrav@perkinscoie.com

206.359.6168

Amelia M. Gerlicher

Partner

AGerlicher@perkinscoie.com

206.359.3445

Janis Kestenbaum

Partner

JKestenbaum@perkinscoie.com

Aaron Haberman

Counsel

AHaberman@perkinscoie.com

202.654.6246

Explore more in

Privacy Litigation

Privacy & Security

Blog series

Perkins on Privacy

Perkins on Privacy provides updates and insights on an array of privacy and data security legal issues, brought to you by Perkins Coie’s Chambers-ranked Privacy & Security practice. Subscribe 🡢

View the blog