More SEC rules, this time mandating financial firms inform victims of data breaches
within 30 days!
Why wasn't this already a requirement?
Last year, the SEC instituted requirements for publicly traded companies to inform investors of material cybersecurity events within 4 days. That edict spurred a small wave of misguided protests in the #cybersecurity community, who warned of bad omens which never materialized.
I am anxious to see if this latest
regulatory requirement also becomes a hotbed of discussion. <popcorn at the
ready>
Victims of data breaches have a right to know!
Banks seem to have all the benefits in the financial system.
They may not implement the way they present