The U.S. Securities and Exchange Commission (SEC) has updated its rules concerning how Wall Street investment companies detect and respond to data breaches. This marks the first substantial revision of customer data privacy regulations since 2000.
The updated regulations reflect the evolving nature and increased severity of cyber threats over the past two decades. SEC Chair Gary Gensler emphasized the urgency of these changes, noting that the landscape of data breaches has transformed dramatically, necessitating a modernized regulatory approach.
Under the new rules, investment advisors, broker-dealers and investment companies must inform their customers of data breaches within 30 days of detection. This prompt notification requirement is aimed at ensuring transparency and enabling customers to take timely protective actions.
Additionally, the updated regulations mandate that these entities establish and maintain comprehensive incident response programs. These programs are designed to detect, respond to and recover from data breaches effectively, thereby mitigating potential damages and restoring security swiftly.
To further fortify the financial industry’s defenses against cyber threats, the new rules compel investment advisors and companies to address technological advancements and emerging cybercrime risks proactively. This involves regular updates to security measures and continuous monitoring for vulnerabilities.
The SEC’s unanimous approval of these updated Wall Street regulations underscores the critical need for robust data breach protection in the financial sector. Larger investment entities are given 18 months to comply with the new requirements, while smaller entities have 24 months to implement the necessary changes following updates to the federal registration system.
The regulatory overhaul comes amid rising concerns about the security of financial institutions. Recently, over 1,500 global financial institutions were targeted by the Grandoreiro banking trojan, highlighting the persistent and sophisticated nature of cyber threats facing the industry.
Source: Spice Works
Featured News
Electrolux Fined €44.5 Million in French Antitrust Case
Dec 19, 2024 by
CPI
Indian Antitrust Body Raids Alcohol Giants Amid Price Collusion Probe
Dec 19, 2024 by
CPI
Attorneys Seek $525 Million in Fees in NCAA Settlement Case
Dec 19, 2024 by
CPI
Italy’s Competition Watchdog Ends Investigation into Booking.com
Dec 19, 2024 by
CPI
Minnesota Judge Approves $2.4 Million Hormel Settlement in Antitrust Case
Dec 19, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – CRESSE Insights
Dec 19, 2024 by
CPI
Effective Interoperability in Mobile Ecosystems: EU Competition Law Versus Regulation
Dec 19, 2024 by
Giuseppe Colangelo
The Use of Empirical Evidence in Antitrust: Trends, Challenges, and a Path Forward
Dec 19, 2024 by
Eliana Garces
Some Empirical Evidence on the Role of Presumptions and Evidentiary Standards on Antitrust (Under)Enforcement: Is the EC’s New Communication on Art.102 in the Right Direction?
Dec 19, 2024 by
Yannis Katsoulacos
The EC’s Draft Guidelines on the Application of Article 102 TFEU: An Economic Perspective
Dec 19, 2024 by
Benoit Durand