Wall Street’s top regulator on Thursday said it had updated rules to ensure investment companies and others work to detect and respond to hackers’ theft of customer data.
The changes, approved unanimously by the five-member U.S. Securities and Exchange Commission, apply to rules first adopted in 2000.
“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” SEC Chair Gary Gensler said in a statement, adding that this required regulations to keep pace.
Related: SEC Set to Adopt New Cyber Rule, Unveils Brokerage AI Proposal | Wall Street Regulator Unveils New Hacking, Data and Market Resiliency Rules
Under the changes announced Thursday, broker-dealers, investment companies, registered investment advisers and others will be required to maintain incident response programs to detect, respond to and recover from cyber-theft of customers’ personal data as well as notify individuals whose information may have been accessed without authorization, according to the SEC.
Companies affected by the rules will have to come into compliance 18 months to two years from the date the changes appear in the Federal Register, according to the agency.
Topics Cyber
Was this article valuable?
Here are more articles you may enjoy.
Ex-NFL Player Sentenced to 16 Years in Prison for $200M Medicare Fraud Scheme 
Michigan Court Sides With Progressive in Policy Misrepresentation Case 
Travelers: Aging Workforce, New Employees Drive Complexity in Injury Claims 
Health Officials Downplay Pandemic Risk From Cruise Hantavirus Outbreak 
