SEC Updates Customer Data Hacking Rules for Wall Street

By | May 17, 2024

Wall Street’s top regulator on Thursday said it had updated rules to ensure investment companies and others work to detect and respond to hackers’ theft of customer data.

The changes, approved unanimously by the five-member U.S. Securities and Exchange Commission, apply to rules first adopted in 2000.

“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” SEC Chair Gary Gensler said in a statement, adding that this required regulations to keep pace.

Related: SEC Set to Adopt New Cyber Rule, Unveils Brokerage AI Proposal | Wall Street Regulator Unveils New Hacking, Data and Market Resiliency Rules

Under the changes announced Thursday, broker-dealers, investment companies, registered investment advisers and others will be required to maintain incident response programs to detect, respond to and recover from cyber-theft of customers’ personal data as well as notify individuals whose information may have been accessed without authorization, according to the SEC.

Companies affected by the rules will have to come into compliance 18 months to two years from the date the changes appear in the Federal Register, according to the agency.

Topics Cyber

Was this article valuable?

Here are more articles you may enjoy.