Beginning May 11, 2024, non-banking financial institutions regulated by the Federal Trade Commission (FTC) will be required to submit notifications of data breaches or other security events that impact 500+ consumers. The FTC issued a final rule (the Rule) amending its Safeguards Rule¹ to impose this notification requirement. The FTC has indicated that such notices will be entered into a publicly available database. Below, we have outlined key requirements for non-banking financial institutions and next steps for compliance.