June 26, 2019

June 26, 2019

Subscribe to Latest Legal News and Analysis

June 25, 2019

Subscribe to Latest Legal News and Analysis

June 24, 2019

Subscribe to Latest Legal News and Analysis

SEC Issues Alert On Outsourcing and Data Security

The SEC recently issued a risk alert warning about using vendors and cloud-based platforms. Many broker dealers and investment advisors are turning to these third parties to store customer data. In its alert, the SEC’s Office of Compliance Inspections and Examinations warns firms that relying on those third parties’ security tools is not, in and of itself, sufficient for the companies to demonstrate compliance with Regulations S-P and S-ID. These regulations require broker-dealers and investment advisers to protect customer records and detect and prevent identity theft.

Of concern for the SEC is firms who might have inadequately configured the security settings on their network storage systems–whether on site or cloud-based. Also of concern, and mentioned in the report, is failing to exercise enough oversight over the vendors’ security settings. The SEC warns firms to have policies and procedures sufficient to (a) identify all the different types of customer data and (b) implement appropriate controls to protect each class of data. It also recommends that companies have vendor management policies that provide for regular implementation and monitoring of software patches and hardware updates.

Putting it Into Practice: This alert from the SEC is a reminder that companies cannot rely only on third parties’ representations about security. Companies will also want to exercise proactive and ongoing assessments of both their own and their vendors’ network storage systems’ security settings.

*Katherine Boy Skipsey is a summer associate in Sheppard Mullin’s New York office.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.

TRENDING LEGAL ANALYSIS


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Sarah Aberg Government Contracts Attorney Sheppard Mullin Law Firm New York
Associate

Sarah Aberg is an associate in the Government Contracts, Investigations & International Trade Practice Group in the firm's New York office.

Areas of Practice

Ms. Aberg’s practice encompasses securities regulation, compliance, and litigation as well as internal investigations and white-collar defense. She frequently represents broker-dealers and associated individuals who are the focus of SEC, FINRA, and other regulatory investigations. She has conducted numerous internal investigations into a wide variety of allegations, including insider trading, unauthorized trading, and other retail brokerage sales practice violations. Ms. Aberg has also represented banks, broker-dealers, securities professionals and individuals in connection with investigations and inquiries by the Department of Justice, FINRA, and the New York Attorney General’s and District Attorney’s Offices.

Experience

Representative Experience 

  • The Private Bank division of a global investment bank in connection with ongoing FINRA, SEC and state securities regulatory inquiries and investigations.
  • Senior mortgage finance professionals in RMBS-related investigations and litigations.
  • Financial advisors in connection with SEC investigation into Forex trading platform.
  • A securities broker in DOJ/SEC investigation regarding bond trading practices.
  • A federal savings bank charged with mortgage and securities fraud by the Manhattan District Attorney.
  • An international retailer in a federal civil asset forfeiture action concerning structuring allegations.
  • Skaarup Shipping International in successfully defeating a $50 million prejudgment attachment in the District of Connecticut.
  • CIT Financial Services, Inc. in a New Jersey arbitration over breach of contract.
  • General Dynamics Corp. in filings with the US. Maritime Administration.

Practices

  • Government Contracts, Investigations & International Trade
  • Litigation
  • White Collar Defense and Corporate Investigations
212-634-3091
Kari Rollins Intellectual Property Lawyer Sheppard
Partner

Kari M. Rollins is a partner in the Intellectual Property Practice Group in the firm's New York office.

Areas of Practice

Ms. Rollins focuses her practice on privacy and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, food services, retail, and fashion industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums....

212.634.3077