Debevoise & Plimpton on the Latest Round of SEC Cybersecurity Enforcement Actions

On August 30, 2021, the SEC filed settled enforcement actions against three groups of broker-dealers and investment advisers for failing to protect confidential customer information in violation of Rule 30(a) of Regulation S-P (the “Safeguards Rule” or “Rule”). One group of the entities was also found to have violated Section 206(4) of the Advisers Act and Rule 206(4)-7, by allegedly providing misleading information in its breach notification to customers. These actions, which were announced just two weeks after the SEC imposed a $1 million civil penalty for an issuer’s allegedly misleading data breach disclosures in connection with a public company’s … Read more