Race to the Top – States Push to Broaden Breach Reporting Requirements

Facebook just reported a massive data breach impacting over 50 million user accounts. And while most investment advisers are not likely to experience a breach of that scale, what is likely is that a cyber incident will occur at some point. Consequently, state regulators continue to expand the protections they require for their residents through increasingly strict data breach reporting requirements, in some cases coming very close to the international requirements imposed by the European Union’s General Data Protection Regulation (GDPR).

During a panel discussion, “State of the Data Breach: Legislative Changes and the Impact of GDPR,” at the recent Ascendant/CSS compliance conference in San Diego, Andrew Hartnett, Officer at Greensfelder, Hemker & Gale, P.C., Ronan Brennan, Chief Product Officer at CSS, and E.J. Yerzak, Director of Cyber IT Services at CSS brought attendees on a legislative journey of all that has changed in 2018 on the breach reporting front – from Alabama and South Dakota becoming the 49th and 50th states to enact data breach laws to various states including Colorado and California amending theirs. Cynthia LaRose, Chair of the Privacy and Data Security Practices at Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C., supplemented the discussion with some helpful materials about GDPR myths and misconceptions compared to the reality of the regulation.

Mr. Brennan highlighted the operational challenges firms face in complying with GDPR, such as mapping a comprehensive inventory of data and data flows as well as the importance of vendor management.

The session concluded with Mr. Hartnett reminding attendees that despite all of the changes we have seen recently in data breach laws in 2018, at the end of the day what is really important is not to memorize the nuances of all 50 state breach laws and GDPR but rather to focus on improving our cybersecurity programs (policies, procedures, testing, and training) from the outset to hopefully avoid a breach from occurring in the first place. Lining up legal and forensics support in advance to assist with the breach investigation and reporting can help firms to save their energy and efforts for maintaining an effective cybersecurity program throughout the year.


For more information on the Ascendant/CSS Shield cybersecurity solution, or to set up a demo, click here.

Related Content

Latest Content

The Challenges of Building a Global Compliance Program

Compliance programs face challenges in balancing global requirements with local exceptions while incorporating the fast pace of regulatory change, addressing critical business needs and obtaining the necessary resources necessary to manage the program. Trends and thinking on the subject were center stage at the recent CSS London event “Looking at the Year Ahead – Global … Continued

Coming to America – California Adopts GDPR-Like Privacy Regulation

After a number of firms struggled last year to get their marketing and information systems into compliance with the EU’s General Data Protection Regulation (GDPR), advisers to U.S. clients will soon be facing similar requirements on the home front.  On the heels of the Cambridge Analytica scandal, California enacted the California Consumer Privacy Act of … Continued

SEC and FINRA 2019 Examination Priorities

The SEC and FINRA have recently released their examination priorities for 2019. These releases provide insight into regulatory priorities and serve as guidance for a firm in evaluating its compliance program. We will discuss topics covered in these releases, including: Protecting retail investors Fees and expenses Disclosure Conflicts of interest Suitability Protecting senior investors Trading … Continued

SEC Reopened After 35-Day Government Shutdown

SEC Chairman Jay Clayton announced on Saturday, January 26 that with an agreement reached to end the government shutdown, the “Commission has resumed normal staffing levels and is returning to normal operations.” In total, about 94% of the commission’s approximately 4,400 employees had been furloughed during the 35-day shutdown, according to its operations plan. In a … Continued

FINRA Rolls Out New Central Registration Depository Functionality; Annual Verification Deadline Nears

FINRA first introduced enhancements to the Central Registration Depository (“CRD”) on October 1, 2018, which were rolled out in support of FINRA’s restructured qualification examination program as well as the adoption of consolidated FINRA registration rules. The new enhancements were intended to also more easily assist member firms with satisfying their reporting and compliance obligations. … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.