December 1, 2017
National Society of Compliance Professionals’ Currents
Reprinted with permission from the National Society of Compliance Professionals’ Currents
While state governments have always possessed the authority to impose and enforce cybersecurity regulations, traditionally, they have allowed federal agencies like the FTC or the SEC to spearhead the enforcement efforts. In light of recent high profile data breaches, this trend has shifted course, throwing financial firms into the enforcement crosswinds of both the federal regulatory agencies and the state governments. To this end, the Massachusetts Attorney General filed a complaint against Equifax on September 17, 2017, alleging violations of the Massachusetts Data Security Regulations. While it remains to be seen where the bulk of enforcement will come from, it is clear that cybersecurity is a priority for both state legislatures and regulatory agencies. As regulation and enforcement continue to progress, broker-dealers, investment advisers, and investment companies must remain alert to their compliance obligations.
These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without seeking professional counsel.