Series 65: 10.11.7. Cybersecurity And Data Protection

10.11.7. Cybersecurity and Data Protection

Since client information is typically kept in a broker-dealer or investment advisory firm’s electronic database, cybersecurity and its role in data protection are important issues for regulators. As a result, a primary duty of the investment professional and his firm is to ensure that electronic client data remains safe and unavailable to online hackers. Failure to do so constitutes a violation of client confidentiality and can subject the financial institution to SEC or FINRA regulation.

SEC Regulation S-P addresses client confidentiality. This regulation requires financial institutions to adopt written policies and procedures that:

• Ensure that customer records and information are kept secure and confidential

• Safeguard customer records and data against potential security threats

• Protect against unauthorized access to customer information that has the potential to harm or inconvenience the customer

The SEC’s rule also requires SEC-registered firms to properly dispose of nonpublic personal information. This requires the firms to take reasonable measures to pr