5.7.6. Cybersecurity and Data Protection
Since client information is typically kept in a broker-dealer or investment advisory firm’s electronic database, cybersecurity and its role in data protection are important issues for regulators. As a result, a primary duty of the investment professional and his firm is to ensure that electronic client data remains safe and unavailable to online hackers. Failure to do so constitutes a violation of client confidentiality and can subject the financial institution to SEC or FINRA regulation.
SEC Regulation S-P addresses client confidentiality. This regulation requires financial institutions to adopt written policies and procedures that:
• Ensure that customer records and information are kept secure and confidential
• Safeguard customer records and data against potential security threats
• Protect against unauthorized access to customer information that has the potential to harm or inconvenience the customer
The SEC’s rule also requires financial institutions to properly dispose of nonpublic personal information. This requires firms to take reasonable measures to protect a