Regulatory Trend: Agency Fines for Failing Policies before Data Breach

Which agency is issuing fines for lacking data security policies? The Securities and Exchange Commission. 

Why is the SEC fining a company? Two reasons:

  1. It failed to have an adequate data security policy in place before it experienced a data breach that exposed the financial records of 100,000.
    1. To repeat: the company never adopted written policies and procedures.
    2. The company did not conduct periodic risk assessments.
    3. The company did not implement a firewall.
    4. The company did not encrypt its personally identifiable information.
    5. The company did not maintain an incident response plan either.
  2. The financial information was stored on a third-party-hosted web server.

What was the data breach that triggered the $75,000 fine? In July 2013, the third-party web server was breached by an unknown hacker from China; afterwards, the financial company contacted all parties, offering free identity theft monitoring.

Investment News: SEC nails advisory firm for cybersecurity failure before data breach