Safeguards Rule Notification Requirement Now in Effect
- By: Stephen Pallas
- On: 05/15/2024 10:16:22
- In: Federal / National Posts
The Federal Trade Commission (FTC) has amended its Gramm-Leach-Bliley Safeguards Rule, requiring covered companies to report certain data breaches and security events. These changes took effect on May 13, 2024, after a six-month grace period to allow businesses time to prepare.
Who is Covered by the Safeguards Rule?
The Safeguards Rule applies to a wide range of “financial institutions” under the FTC's jurisdiction. This includes businesses that handle consumers' confidential financial information, such as mortgage lenders, payday lenders, finance companies, mortgage brokers, and many dealerships. For more information on determining if the Rule applies to your business, refer to the FTC's informal staff guidance: FTC Safeguards Rule: What Your Business Needs to Know.
What are the New Reporting Requirements?
The updated Rule requires financial institutions to notify the FTC within 30 days of discovering a security breach involving the information of at least 500 consumers. A reportable breach is an unauthorized acquisition of unencrypted customer information, and unauthorized access is presumed to be an acquisition unless there is reliable evidence to the contrary.
Here's how the Rule defines an incident that triggers notification:
“An acquisition of unencrypted customer information without the authorization of the individual to which the information pertains. Customer information is considered unencrypted for this purpose if the encryption key was accessed by an unauthorized person. Unauthorized acquisition will be presumed to include unauthorized access to unencrypted customer information unless you have reliable evidence showing that there has not been, or could not reasonably have been, unauthorized acquisition of such information.”
The FTC has created a user-friendly online form to simplify the reporting process. The form clearly outlines the required information, making compliance as easy as possible.
The Safeguards Rule contains additional provisions to enhance your business's security. Review the FTC's guidance for detailed information. Remember, compliance with the Safeguards Rule does not replace obligations under other state and federal laws.
Texas Laws on Data Breach Reporting
In addition to the FTC's data breach reporting rules, dealers also need to be aware of the specific laws in Texas regarding the same issue. As of September 1, 2023, Texas law requires businesses and organizations that experience a data breach of system security that affects 250 or more Texans to report that breach to the Office of the Texas Attorney General as soon as practicably possible and no later than 30 days after the discovery of the breach. Businesses and organizations must also provide notice of the breach to affected consumers. Information can be found on the website of the Attorney General of Texas.
TIADA's Updated Safeguards Course: Your Solution for Compliance
TIADA understands the importance of staying compliant with the FTC's regulations. That's why we've updated our Complying with the Safeguards Rule course to include information on red flags to watch out for.
Our affordable and convenient program meets all of the FTC's training requirements for the Safeguards and Privacy Rules, and it includes model Safeguards Policies and Agreements for your dealership at no extra charge.
Course Options
- Qualified Individual Course: This under-60-minute course covers everything the Qualified Individual needs to know about the Safeguards Rule and Privacy Rule, including data breach procedures and model policies.
- Course for All Other Employees: This 30-minute course covers essential information for all dealership employees, including data retention and disposal, privacy notice requirements, and the use of nonpublic personal information.
Volume Pricing and Contact Information
TIADA offers volume pricing options for dealerships with more than 10 employees. Contact us at education@txiada.org or 512-244-6060 to set up a Dealership Group Account and ensure your business stays compliant with the FTC Safeguards Rule.