Alexander Boyd , Colin H. Black of Polsinelli PC write:
Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage in financial activities but that are not directly regulated by federal banking regulators, including automobile dealerships, higher educational institutions participating in federal student financial aid programs, mortgage lenders or brokers, tax preparation firms, travel agencies, and others. These organizations are already required to implement certain information security protections pursuant to the FTC’s Safeguards Rule. The FTC’s new data breach notification requirement will provide the FTC with a critical tool to ensure that organizations are properly safeguarding consumer data.
Read more at The National Law Review.