SEC Says the Cyber Police Are Coming

Pretty soon we’ll all be data privacy lawyers.  The SEC is certainly doing its part to ensure that comes to pass.  Earlier this year the SEC’s Office of Compliance, Inspections, and Examinations announced that its 2014 Examination Priorities included a focus on technology, including cybersecurity preparedness.  On March 26, the SEC sponsored a Cybersecurity Roundtable in which Chair Mary Jo White underscored the importance of this area to the integrity of the national market system and customer data protection.  And on Tuesday, OCIE announced an upcoming series of over 50 examinations of registered broker-dealers and investment advisers focusing on areas related to cybersecurity.

More specifically, the exam staff will be looking at each entity’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.

It gets even more specific than that.  The alert attaches a sample request for documents and information that should be very useful for regulated entities and their compliance staffs.  If you’re concerned about your firm’s data security – and you probably should be – do yourself a favor and read up.