FTC Amends GLBA’s Safeguards Rule

October 31, 2023

The Federal Trade Commission (FTC) issued a final rule amending the Standards for Safeguarding Customer Information (Safeguards Rule) that requires all financial institutions—including non-banking entities—to report certain data breaches and security events to the FTC within 30 days.

The Safeguards Rule applies to companies covered by the Gramm-Leach-Bliley Act (GLBA) that are subject to FTC enforcement. Title companies and agents that provide title services are not covered because GLBA gives state insurance commissioners authority to enforce the regulation. However, companies that provide services that are not the business of insurance (like companies that just provide closings) are subject to the Safeguards Rule.

FTC notifications provision requires a covered entity to include the following details through a form available on the FTC’s website https://www.ftc.gov

  1. the name and contact information of the reporting financial institution
  2. a description of the types of information exposed in the notification event
  3. if the information is [available to identify], the date or date range of the notification event
  4. the number of consumers affected, and
  5. a general description of the notification event.

This notification must be made within 30 days of discovery of the notification event.

ALTA’s Best Practices were designed to help agents comply with the existing Safeguards Rule.


Contact ALTA at 202-296-3671 or [email protected].