Tuesday, June 25, 2024

Financial Organizations Need To Disclose Data Breach Within 30-Days

The U.S. Securities and Exchange Commission (SEC) has made changes to Regulation S-P that require financial companies to report data leaks within 30 days. This is a big step toward protecting consumers.

This new rule, which goes into force on May 15, 2024, is meant to strengthen and update the protections for consumer financial information.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

Background on Regulation S-P

Since its introduction in 2000, SEC Regulation S-P has required broker-dealers, investment companies, and licensed investment advisers to protect customer records and information with written policies and procedures.

The rule also explains how to properly delete consumer report information and requires privacy policy notices and opt-out choices.

Over the years, improvements in technology have made data breaches more likely, which is why these changes were needed.

Key Amendments to Regulation S-P

Incident Response Program

The changes say that institutions that are protected must create, use, and keep up with an incident response program.

This program needs to be able to find, stop, and fix instances of customer data being accessed or used without permission. Some critical parts of the incident response method are:

  • How to Find and Respond: Steps to find and stop people from accessing or using customer information without permission.
  • Steps to stop more unauthorized entry or use are called containment and control.
  • Oversight of Service Providers: Rules to make sure service providers do their jobs right and are watched over.

Customer Notification Requirement

One of the changes’ most essential parts is that people who will be impacted must be notified promptly.

When covered organizations learn of a breach, they have 30 days to tell people whose sensitive information has been accessed or used without their permission. This must be in the notice:

  • Details of the Incident: Information about what kind of breach it was and how big it was.
  • Breached Data: Details about the data that was lost or stolen.
  • Protective Measures: Advice on how people who are impacted can keep themselves safe.

Information with a broader range

The changes also allow Regulation S-P to address more types of information.

This includes private, non-public information that the bank gathers about its customers and information it gets from other banks about their customers.

Additional Provisions

Along with these important changes, the changes to Regulation S-P also include the following:

  • Protections and Rules for Disposal: Covers all nonpublic personal information that was added.
  • Needs for Keeping Records: Covered institutions, but not funding websites, must keep written records that show they follow the rules for disposal and safety.
  • Privacy Notice Every Year: Under the FAST Act, institutions don’t have to send a yearly privacy notice if certain conditions are met.
  • Extension to Transfer Agents: The rules for both protection and disposal now apply to transfer agents who are registered with the SEC or another regulatory body.

The changes the SEC made to Regulation S-P are a big step toward keeping people’s banking information safe.

By requiring financial companies to report data breaches within 30 days, the SEC hopes to ensure that customers are quickly informed and can take the steps they need to stay safe.

These changes show how data security is changing and how vital means are needed to protect private data in a world that is becoming more and more digital.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers


Latest articles

Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts

Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins. The initial...

Hackers Attacking Windows IIS Server to Upload Web Shells

Windows IIS Servers often host critical web applications and services that provide a gateway...

WikiLeaks Founder Julian Assange Released in Stunning Deal with U.S.

WikiLeaks founder Julian Assange has been released from prison after reaching a deal with...

Four Members of FIN9 Hackers Charged for Attacking U.S. Companies

Four Vietnamese nationals have been charged for their involvement in a series of computer...

BREAKING: NHS England’s Synnovis Hit by Massive Cyber Attack

In a shocking development, the NHS has revealed that it was the victim of...

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles