The Securities and Exchange Commission (SEC) recently
announced its plan to review 50 or more investment firms to learn how they
protect their electronically stored data. As regulators look for ways to ensure
better protection against data theft, firms can benefit from doing the same.
Below are a few things to consider when reviewing your
firm’s data protection practices:
Find out what data
protection methods your firm employs.
You can instill confidence in clients who inquire about how
their information is stored and protected by understanding the data protection
methods used by your firm. If a client asks a question like, “What forms of
identification are used to access my personal identifiable information?” you
should be able to provide an answer.
Learn what
compensation, if any, is available to clients who suffer a loss as a result of
data theft.
Recent cyber breach reports may alarm customers, making them
more concerned about what they can expect in the event of a breach. Be prepared
for potential customer questions like: “Do you reimburse customers for losses
related to data theft?”
Be aware of any fines
or other regulatory actions against your firm related to data theft.
Even well protected corporations have suffered a cyber
breach. If your firm has experienced a breach, be prepared to address this with
customers who have concerns. If your firm has since improved its protections
against data theft, consider explaining this to customers to relieve their
concerns.
By evaluating data protection practices, firms can stay in
compliance with regulators and instill confidence in customers. Even if
Broker/Dealers don’t believe their firm will be subject to the SEC’s review,
this can be an opportunity for firms to find out how their data protection
methods measure up against industry peers.
All
information provided in this blog is for informational purposes only. The
sources used are presumed accurate. CalSurance Associates, Brown & Brown
Program Insurance Services, Inc. and Brown & Brown, Inc. will not be liable
for any errors, omissions, losses, injuries or damages arising from its display
or use and will not assume responsibility for any misguided information. No
guarantees are implied.
