The U.S. Securities and Exchange Commission (SEC) has made changes to Regulation S-P that require financial companies to report data leaks within 30 days. This is a big step toward protecting consumers.
This new rule, which goes into force on May 15, 2024, is meant to strengthen and update the protections for consumer financial information.
ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service
Since its introduction in 2000, SEC Regulation S-P has required broker-dealers, investment companies, and licensed investment advisers to protect customer records and information with written policies and procedures.
The rule also explains how to properly delete consumer report information and requires privacy policy notices and opt-out choices.
Over the years, improvements in technology have made data breaches more likely, which is why these changes were needed.
Incident Response Program
The changes say that institutions that are protected must create, use, and keep up with an incident response program.
This program needs to be able to find, stop, and fix instances of customer data being accessed or used without permission. Some critical parts of the incident response method are:
Customer Notification Requirement
One of the changes’ most essential parts is that people who will be impacted must be notified promptly.
When covered organizations learn of a breach, they have 30 days to tell people whose sensitive information has been accessed or used without their permission. This must be in the notice:
Information with a broader range
The changes also allow Regulation S-P to address more types of information.
This includes private, non-public information that the bank gathers about its customers and information it gets from other banks about their customers.
Along with these important changes, the changes to Regulation S-P also include the following:
The changes the SEC made to Regulation S-P are a big step toward keeping people’s banking information safe.
By requiring financial companies to report data breaches within 30 days, the SEC hopes to ensure that customers are quickly informed and can take the steps they need to stay safe.
These changes show how data security is changing and how vital means are needed to protect private data in a world that is becoming more and more digital.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer overflow…
A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing attackers…
Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a cyberattack…
The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens, has…
A security vulnerability in Nagios XI 2024R1.2.2, tracked as CVE-2024-54961, has been disclosed, allowing unauthenticated…
Ubiquiti Networks has issued an urgent security advisory (Bulletin 046) warning of multiple critical vulnerabilities…