FTC Amends Safeguards Rule to Expand Notification Requirements for Data Breaches and Information Security Events
On October 27, 2023, the FTC announced amendments to its Safeguards Rule requiring non-banking financial institutions—such as mortgage brokers, accountants, investment advisers, car dealers, and payday lenders—to maintain comprehensive information security programs and report breaches involving unencrypted data of 500 or more consumers within 30 days. The amendments, effective 180 days after publication, aim to enhance transparency and incentivize stronger protection of sensitive consumer financial information.
Arby’s: We Have the Breach! Cautionary Observations on Reputation Management and Cyber Breach Disclosures
Arby’s may be the latest high-profile victim of a cyber breach, prompting a limited public statement while it investigates potential compromise of payment card systems. The situation highlights the delicate balance companies face between transparency, legal risk, and reputation management in responding to cybersecurity incidents.