The SEC Joins Growing Alphabet Soup of Regulators Interested in Policing Data Security
And it just got even more crowded in the alphabet soup of data security enforcement. It’s the Securities and Exchange Commission’s turn to be on cybersecurity patrol. On the heels of a court decision upholding the Federal Trade Commission’s authority to enforce data security, the SEC has announced plans to launch more than 50 cybersecurity exams. The exams are designed to assess cybersecurity preparedness in the securities industry. Experts suggest there is more to come, and that the SEC’s exam could easily be tweaked for other industries.
Could the SEC’s pending involvement in policing information security practices create even more of a burden on your compliance efforts? Well, yes…and no. According to Karen Evans, who previously worked at the Office for Management and Budget, “It shouldn’t be a burden if a firm is practicing good information security assurance and risk management.”
But for those who haven’t thoroughly assessed their risk and created a strong foundation for HIPAA-HITECH compliance, the move by the SEC signals another source for potential punitive actions that could significantly impact your organization’s reputation and bottom line.
Have a look for yourself and notice how eerily closely the SEC exam lines up with HIPAA requirements. And let us know what you think about this development by joining the conversation in our LinkedIn group.