More SEC rules, this time mandating financial firms inform victims of data breaches within 30 days!
Why wasn't this already a requirement?
Last year, the SEC instituted requirements for publicly traded companies to inform investors of material cybersecurity events within 4 days. That edict spurred a small wave of misguided protests in the #cybersecurity community, who warned of bad omens which never materialized.
I am anxious to see if this latest regulatory requirement also becomes a hotbed of discussion. <popcorn at the ready>
Comments