The Federal Trade Commission (FTC) has announced a final rule amending the FTC Safeguards Rule that will require non-banking institutions, such as dealers, to report certain data breaches and other security events to the FTC.
The final rule requires financial institutions (including dealers) to report “notification events,” defined as the unauthorized acquisition of unencrypted customer information involving at least 500 customers, to the FTC. The FTC has stated that the rule and its notice requirement are specifically intended to facilitate enforcement of the FTC’s Safeguards Rule against entities that file reports.
The notice to the commission must be provided electronically through a form located on the FTC’s website and must include:
Notices will be available in a public database. The final rule does not impose a consumer notice requirement.
This rule will become effective 180 days after it is published in the Federal Register, which is expected shortly. Dealers and their qualified individuals should review the final rule to understand its requirements and scope and should consult with their technology providers and counsel regarding the implications of the new rule.