10.11.7. Cybersecurity and Data Protection
Since client information is typically kept in a broker-dealer or investment advisory firm’s electronic database, cybersecurity and its role in data protection are important issues for regulators. As a result, a primary duty of the investment professional and his firm is to ensure that electronic client data remains safe and unavailable to online hackers. Failure to do so constitutes a violation of client confidentiality and can subject the financial institution to SEC or FINRA regulation.
SEC Regulation S-P addresses client confidentiality. This regulation requires financial institutions to adopt written policies and procedures that:
• Ensure that customer records and information are kept secure and confidential
• Safeguard customer records and data against potential security threats
• Protect against unauthorized access to customer information that has the potential to harm or inconvenience the customer
The SEC’s rule also requires SEC-registered firms to properly dispose of nonpublic personal information. This requires the firms to take reasonable measures to pr