Consistent with the ongoing guidance/requirements from the SEC and FINRA, all firms must have and enforce data security policies and procedures. Even the best policies and procedures may, however, not protect the firm in every instance. So what do you do if there is a breach?
One of the most important things to determine is what law governs. In other words, if you have clients in all 50 states, it is possible that there are 50 different data breach laws that may be implicated. Fox Rothschild LLP has a free app, Data Breach 411, which provides an overview of state data breach laws.
Knowing what you need to know is imperative when assessing a data breach.