Insights & Publications
Diversity & Inclusion
© 2021 Debevoise & Plimpton LLP
SEC Sanctions Investment Adviser for Failing to Adopt Cybersecurity Policies and Procedures
24 September 2015
View Client Update
In the wake of recent cybersecurity guidance, the SEC’s settlement with an investment adviser for lacking proper cybersecurity policies and procedures highlights the steps firms must take to plan and prepare for a data breach.
The SEC expects firms to establish, and regularly test and update, cybersecurity policies and procedures, including an incident response plan.
Firms should also be aware that risky data security practices may lead to liability. The SEC held the firm liable for: (1) outsourcing data without appropriate safeguards, (2) choosing not to encrypt sensitive customer information, and (3) failing to “prune” extraneous or unnecessary customer data.
Data Strategy & Security
Kenneth J. Berman
Jeffrey P. Cunard
Michael P. Harrell
View More Authors
UK Modern Slavery Act Transparency Statement
Debevoise Login (2)
Debevoise Women's Review