pdf

Law360: Existence Of Cybersecurity Policies Not Enough For SEC

September 28, 2018

Voya Financial Advisors, Inc. agreed to pay $1 million after the US Securities and Exchange Commission found that the company violated a rule designed to prevent identity theft. Though Voya had a cybersecurity policy in place, the SEC found that these policies were not “properly implemented or didn’t extend to independent contractors.” “These rules are designed to require the company to set up safeguards and red flag policies,” said O’Melveny special counsel Scott Pink. “But I think the point here is it’s not just setting them up. It’s making sure that they actually apply and are adequate for the specific business purposes and services you’re providing.”