The Securities and Exchange Commission (SEC) is implementing a new rule that will require some financial institutions to report security breaches within 30 days of identifying the issue.
The amendments stated that institutions should notify compromised customers "as soon as practicable, but not later than 30 days" after learning about the security breach.
SEC Implements New Policy Amid Increasing Breaches on Financial Institutions
The changes will be reflected in Regulation S-P, the rules that concern appropriate treatment for the personal information of consumers. This affects registered broker-dealers, investment companies, registered investment advisers, and transfer agents.
"These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify," said SEC chair Gary Gensler.
Financial institutions must provide detailed information about the incident, what type of consumer data was compromised by the attack, and what measures could individuals take to protect themselves.
SEC Strengthens Policy on Security Breaches
The amendments for Regulation S-P marked its first update since it was adopted in 2000. SEC announced that the policy change will force institutions to maintain and develop their policies against unauthorized access to customer information.
However, affected institutions are not required to alert their customers if their investigation proves that the accessed personal information was not used to create substantial harm or inconvenience.
Last year, the SEC implemented new regulations that required publicly traded companies to report security breaches that can affect business, strategy, or financial results and conditions.
The amendments for Regulation S-P will be effective 60 days after its publication in the Federal Register. Larger organizations are given up to 18 months to comply while smaller institutions can take up to 24 months.
Related Article : DOJ, SEC Probe Cruise's Autonomous Car Accident on a Pedestrian
