New SEC requirements give institutions 30 days to disclose security incidents

New SEC requirements give institutions 30 days to disclose security incidents

Briefly

Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially. These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data.

Ars Technicahttps://arstechnica.com/security/2024/05/new-sec-requirements-give-institutions-30-days-to-disclose-security-incidents/

The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors.

Ars Technicahttps://arstechnica.com/security/2024/05/new-sec-requirements-give-institutions-30-days-to-disclose-security-incidents/

Notifications must detail the incident, what information was compromised, and how those affected can protect themselves.

Ars Technicahttps://arstechnica.com/security/2024/05/new-sec-requirements-give-institutions-30-days-to-disclose-security-incidents/

The amendments will require covered institutions to develop, implement, and maintain written policies and procedures that are reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

Ars Technicahttps://arstechnica.com/security/2024/05/new-sec-requirements-give-institutions-30-days-to-disclose-security-incidents/