US government rules financial firms now have to disclose data breaches within 30 days

21 May 2024, 17:30 published

[ad_1]

Some US financial institutions are now legally required to disclose a security breach within 30 days of their discovery.

The news comes as a result of changes made by the US Securities and Exchange Commission (SEC) to Regulation S-P, a rule adopted to protect the privacy of consumers’ personal financial information held by financial institutions.

The changes require financial institutions such as broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents to let the victims know their data was accessed “as soon as practicable, but not later than 30 days” from the moment the company first learns of the breach.

Detailing the incident

“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” Ars Technica cited SEC Chair Gary Gensler. “These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.”

When notifying the victims, the organizations must detail what happened, which data was stolen, and what the victims can do to protect themselves. Furthermore, these financial institutions will also need to “develop, implement, and maintain written policies and procedures” that are “reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.”

While the update does seem like a good idea, Ars Technica believes it comes with a major loophole: institutions aren’t obliged to notify victims if they deem the information wasn’t used to cause “substantial harm or inconvenience”; or if they deem that such a scenario is unlikely.

Officially titled “Privacy of Consumer Financial Information,” this regulation, last updated in 2000, implements privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and is designed to ensure that financial institutions safeguard sensitive customer information and provide notice of their privacy policies and practices.

The amendments will go into effect 60 days after publication in the Federal Register, and larger organizations will have 18 months to comply after modifications are published. Smaller organizations will have 24 months.

More from TechRadar Pro

[ad_2]

Source link

Joy

Cong.

Loved

Surprised

Unliked

Mad

US government rules financial firms now have to disclose data breaches within 30 days

Comment

US government rules financial firms now have to disclose data breaches within 30 days

Write a Reply Cancel

You may be interested

The Galaxy S25 could have genuinely useful AI features that trump Apple Intelligence – including these 5 tricks

I’ve been waiting years for ChatGPT’s new Tasks feature – here’s how I’m planning to use it to organize my life

Wrexham’s new stadium plans get even BIGGER after Ryan Reynolds revealed vision for 55,000-seater ground

150TB SSD modules to go mainstream in 2025, and Micron is getting a slice of that pie

Nvidia abandons the problematic 12VHPWR RTX 4080 power connector with a much longer one for the RTX 5080 FE according to leaked images

Transfer news LIVE: Saudis set to offer Mohamed Salah £65m, Marcus Rashford EXCLUSIVE, Trent Alexander-Arnold TWIST

L’Oreal’s new skin testing suite paid me such a nice compliment, I nearly stole it from the demo room

Israel, Hamas appear to agree on tentative Gaza ceasefire deal: officials – National

Thousands of WordPress websites hit in new malware attack, here’s what we know

Privacy of millions worldwide compromised as huge data location broker got hacked

US government rules financial firms now have to disclose data breaches within 30 days

Share This Post

or copy the link

Related News

Write a Reply Cancel

You may be interested