SEC Adds New Incident Response Rules for Financial Sector

  /     /     /  
Publicated : 23/11/2024   Category : security


SEC Adds New Incident Response Rules for Financial Sector


Financial firms covered under new regulations will be required to establish a clear response and communications plan for customer data breaches.



The
Securities and Exchange Commission (SEC)
announced it will adopt new data-breach reporting regulations for some financial firms.
These new requirements serve to modernize and enhance the rules that govern the treatment of consumers nonpublic personal information by certain financial institutions, according to the SEC.
These amendments have been updated to require several new standards since the commission first adopted Regulation S-P, more than 24 years ago:
Broker-dealers, investment companies, registered investment advisers, and transfer agents must address the growing use of technology and the risks it imposes.
Institutions must develop, implement, and maintain policies for an incident response program that can respond to and recover from
unauthorized access
to customer information.
The incident response program must require institutions to notify individuals whose sensitive information was compromised.
Covered institutions must give notice of a breach as soon as possible but no later than 30 days if customer information was accessed by an unauthorized user. This notice must provide details of the incident, the kind of data that was breached, and how affected customers can best protect themselves.
Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,
said Gary Gensler, SEC chair.
These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers financial data.
The amendments will go into effect 60 days after publication in the Federal Register, the SEC said. Once published, larger entities will have 18 months to comply with the amendments, whereas smaller entities will have 24 months.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
SEC Adds New Incident Response Rules for Financial Sector