SEC v. R.T. Jones shows the SEC has a role in regulating cybersecurity

Posted byShawn E. Tuma 2 Comments on SEC v. R.T. Jones shows the SEC has a role in regulating cybersecurity

The federal security laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. SEC v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).

  • “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
  • R.T. Jones violated this “safeguards rule” during a four-year period when it had no such policies and hackers accessed more then 100,000 records of individuals, including its clients. The attack was traced to China; no individuals have reported financial harm.
  • This violated Rule 30(a) of Regulation S-P of the Securities Act of 1933. In settling, R.T. Jones agreed to censure and a $75,000 penalty.

 

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

Join the Conversation

2 Comments

  1. Pingback: 3 Important Points on Computer Use Policies | Cybersecurity Business Law
  2. Pingback: Cybersecurity: How Long Should An Incident Response Plan Be? | Cybersecurity Business Law

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Business Cyber Risk

Subscribe now to keep reading and get access to the full archive.

Continue reading