On March 15, 2023 the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, while simultaneously issuing two additional cybersecurity-related rule proposals[1] and re-opening the comment period for its previously-proposed cybersecurity risk management rule released in February 2022.[2] This set of sweeping reforms makes it clear, if not already, that the SEC is serious about implementing comprehensive cybersecurity and privacy standards across its regulated entity population—including investment advisers.
DATA BREACH
A Timely Reason to Review Procedures for Risk Assessments and Vendor Contracts in Light of the SolarWinds Attack
As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product helps organizations manage their networks, servers and networked devices. The product is not only used by government agencies, but is widely used in both the…