• US government rules financial firms now have to disclose data bre

    From TechnologyDaily@1337:1/100 to All on Tue May 21 14:30:05 2024
    US government rules financial firms now have to disclose data breaches within 30 days

    Date:
    Tue, 21 May 2024 14:15:15 +0000

    Description:
    The first update to the Regulation S-P in more than two decades.

    FULL STORY ======================================================================

    Some US financial institutions are now legally required to disclose a security breach within 30 days of its discovery.

    The news comes as a result of changes made by the US Securities and Exchange Commission (SEC) to Regulation S-P, a rule adopted to protect the privacy of consumers' personal financial information held by financial institutions.

    The changes require financial institutions such as broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents to let the victims know their data was accessed as soon as practicable, but not later than 30 days from the moment the company first learns of the breach.

    Detailing the incident

    "Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially," Ars Technica cited SEC Chair Gary Gensler. "These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors."

    When notifying the victims, the organizations must detail what happened, which data was stolen, and what the victims can do to protect themselves. Furthermore, these financial institutions will also need to develop, implement, and maintain written policies and procedures that are reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

    While the update does seem like a good idea, Ars Technica believes it comes with a major loophole: institutions aren't obliged to notify victims if they deem the information wasn't used to cause substantial harm or inconvenience, or if they deem that such a scenario is unlikely.

    Officially titled "Privacy of Consumer Financial Information," this regulation, last updated in 2000, implements privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and is designed to ensure that financial institutions safeguard sensitive customer information and provide notice of their privacy policies and practices.

    The amendments will go into effect 60 days after publication in the Federal Register, and larger organizations will have 18 months to comply after modifications are published. Smaller organizations will have 24 months.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-rules-financial-firms-now-have-to-disclose-data-breaches-within-30-days


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)