US SEC updates customer data hacking rules for Wall Street | Reuters

Under the changes announced Thursday, broker-dealers, investment companies, registered investment advisers and others will be required to maintain incident response programs to detect, respond to and recover from cyber-theft of customers’ personal data as well as notify individuals whose information may have been accessed without authorization, according to the SEC.

Companies affected by the rules will have to come into compliance 18 months to two years from the date the changes appear in the Federal Register, according to the agency.

Source: US SEC updates customer data hacking rules for Wall Street | Reuters