Financial institutions have 30 days to disclose breaches under new rules

Financial institutions have 30 days to disclose breaches under new rules

Enlarge (credit: Brendan Smialowski / Getty Images)

amendments, institutions must notify individuals whose personal information was compromised “as soon as practicable, but not later than 30 days” after learning of unauthorized network access or use of customer data. The new requirements will be binding on broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents.

“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” SEC Chair Gary Gensler said. “These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.”

Read 9 remaining paragraphs | Comments

Article Tags:
Article Categories:
Technology