pdf

Law360: SEC Not Satisfied With Existence of Cybersecurity Policies

October 05, 2018

Despite setting up an identity theft prevention program almost a decade ago, a prominent financial service company recently agreed to pay a fine of US$1 million for violating the US Securities and Exchange Commission’s (SEC) Identity Theft Red Flags Rule. “These rules are designed to require the company to set up safeguards and red flag policies,” said O'Melveny & Myers LLP attorney Scott Pink. “But I think the point here is it's not just setting them up. It's making sure that they actually apply and are adequate for the specific business purposes and services you're providing.”