On October 27, 2023, the Federal Trade Commission (FTC) approved an amendment to the Standards for Safeguarding Customer Information, known as “the Safeguards Rule,” under the Gramm-Leach-Bliley Act. The amended Safeguards Rule (Final Rule) requires non-banking financial institutions “to report certain data breaches and other security events to the agency.” The FTC unanimously approved the update by a vote of 3‑0. “Companies that are trusted with sensitive financial information need to be transparent if that information has been compromised,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers’ data.” This article analyzes the Final Rule and offers practical measures for non-bank financial institutions to take in response to the new reporting requirement, which takes effect on May 13, 2024. See “Fund Managers Must Ensure Adequate Security Measures Under Safeguards Rule or Risk SEC Enforcement Action” (Sep. 30, 2021).