SEC Mandates Swift Response: Wall Street’s New Data Breach Rules Explained

May 21, 2024

The U.S. Securities and Exchange Commission (SEC) has updated its rules concerning how Wall Street investment companies detect and respond to data breaches. This marks the first substantial revision of customer data privacy regulations since 2000.

The updated regulations reflect the evolving nature and increased severity of cyber threats over the past two decades. SEC Chair Gary Gensler emphasized the urgency of these changes, noting that the landscape of data breaches has transformed dramatically, necessitating a modernized regulatory approach.

Under the new rules, investment advisors, broker-dealers and investment companies must inform their customers of data breaches within 30 days of detection. This prompt notification requirement is aimed at ensuring transparency and enabling customers to take timely protective actions.

Additionally, the updated regulations mandate that these entities establish and maintain comprehensive incident response programs. These programs are designed to detect, respond to and recover from data breaches effectively, thereby mitigating potential damages and restoring security swiftly.

To further fortify the financial industry’s defenses against cyber threats, the new rules compel investment advisors and companies to address technological advancements and emerging cybercrime risks proactively. This involves regular updates to security measures and continuous monitoring for vulnerabilities.

The SEC’s unanimous approval of these updated Wall Street regulations underscores the critical need for robust data breach protection in the financial sector. Larger investment entities are given 18 months to comply with the new requirements, while smaller entities have 24 months to implement the necessary changes following updates to the federal registration system.

The regulatory overhaul comes amid rising concerns about the security of financial institutions. Recently, over 1,500 global financial institutions were targeted by the Grandoreiro banking trojan, highlighting the persistent and sophisticated nature of cyber threats facing the industry.

Source: Spice Works