Cybersecurity And Data Protection
Since client information is typically kept in a broker-dealer or investment advisory firm’s electronic database, cybersecurity and its role in data protection are important issues for regulators. As a result, a primary duty of the investment professional and her firm is to ensure that electronic client data remains safe and unavailable to online hackers. Failure to do so constitutes a violation of client confidentiality and can subject the financial institution to SEC or FINRA regulation.
SEC Regulation S-P addresses client confidentiality. This regulation requires financial institutions to adopt written policies and procedures that:
- • Insure that customer records and information are kept secure and confidential
- • Safeguard customer records and data against potential security threats
- • Protect against unauthorized access to customer information that has the potential to harm or inconvenience the customer
The SEC’s rule also requires SEC-registered firms to properly dispose of nonpublic personal information. This requires the firms to take reason