Brokers and asset managers would have to notify their customers of data breaches as part of a raft of cybersecurity and resiliency rules the Securities and Exchange Commission proposed Wednesday.
The customer-notification requirement would give firms no more than 30 days to alert individuals whose sensitive information was likely to have been accessed without authorization. The new rule would come alongside additional expansions to the SEC’s 24-year-old regulation governing financial firms’ protection of customer data, which SEC Chair Gary Gensler tied to soaring reports of identity theft.
Source: SEC Proposes New Cybersecurity Rules for Financial Firms – WSJ
