Header image

SEC to Enforce 30 Day Disclosure on Some Financial Institutions

New SEC rules will also require written policies and procedures.

Some financial institutions will disclose security breaches within 30 days, under new rules from the Securities and Exchange Commission.

Under the amendments, institutions must notify individuals whose personal information was compromised “as soon as practicable, but not later than 30 days” after learning of unauthorized network access or use of customer data, reports Arstechnica.

The new requirements will be binding on broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents.

Notifications must detail the incident, what information was compromised, and how those affected can protect themselves.

Also, the amendments will require covered institutions to “develop, implement, and maintain written policies and procedures” that are “reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.” 


Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

11
Jul

Beyond Cloud Security Posture Management:

Validating Cloud Effectiveness with Attack Simulation

image image image image