Non-banking financial institutions regulated by the FTC, including financial technology companies, mortgage brokers, credit counselors, financial planners and tax preparers, among others, will now be required to report certain data breaches and other security events directly to the FTC. This article analyzes the recent amendment to the Standards for Safeguarding Customer Information (Final Rule) and offers practical measures for non-bank financial institutions to take in response to the Final Rule’s new reporting requirement, which takes effect on May 13, 2024. See “How Financial Institutions Should Strengthen Their Data Security to Comply With FTC’s Updated Safeguards Rule” (Nov. 17, 2021).