The SEC Joins Growing Alphabet Soup of Regulators Interested in Policing Data Security 

And it just got even more crowded in the alphabet soup of data security enforcement. It’s the Securities and Exchange Commission’s turn to be on cybersecurity patrol. On the heels of a court decision upholding the Federal Trade Commission’s authority to enforce data security, the SEC has announced plans to launch more than 50 cybersecurity exams. The exams are designed to assess cybersecurity preparedness in the securities industry. Experts suggest there is more to come, and that the SEC’s exam could easily be tweaked for other industries.

Could the SEC’s pending involvement in policing information security practices create even more of a burden on your compliance efforts? Well, yes…and no. According to Karen Evans, who previously worked at the Office of Management and Budget, “It shouldn’t be a burden if a firm is practicing good information security assurance and risk management.”

But for those who haven’t thoroughly assessed their risk and created a strong foundation for HIPAA-HITECH compliance, the move by the SEC signals another source for potential punitive actions that could significantly impact your organization’s reputation and bottom line.

Have a look for yourself and notice how eerily well the SEC exam lines up with HIPAA requirements. And let us know what you think about this development by joining the conversation in our LinkedIn group.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has helped hundreds of hospitals and health systems successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.