Better Markets filed a comment letter with the Securities and Exchange Commission in response to the proposed rule to bolster protections for customer information and require notice to individuals affected by a data breach at financial institutions.
Why It Matters. It is unacceptable that today market participants are not required by the securities laws to tell Americans when their personal information has been stolen. The American people should know about breaches as soon as possible. Otherwise, they may be victimized twice: once when a breach that exposes their information occurs, and again when bad actors use the information to steal their identity, drain their back accounts, run up their credit cards, or steal their investments.
What We Said. The SEC has rightly proposed a rule that requires market participants to notify affected individuals. Notification can make the difference between identity theft that inflicts major financial losses and a swift response that results in minimal harm. Rapid and robust breach notification requirements empower individuals to proactively limit the very real and harmful effects of a breach. They can sign up with credit monitoring services, lock their credit reports, and cancel their credit cards. With respect to breaches at financial institutions specifically, they can open new bank or investment accounts and monitor their financial accounts vigilantly. That’s what the SEC’s proposed rule does: requires financial firms to notify breach victims so that they can take prompt action to protect themselves from the potential consequences. We urge the SEC to finalize the proposal without weakening any of its elements. In addition to the breach notification requirement, we support the proposal’s extension of the requirements to safeguard customer information to transfer agents as well as the broad definition of the types of customer information that market participants must protect. And our comment letter flags some necessary improvements that the Commission should make to the proposal to strengthen and shorten the notification process.
Bottom Line. The need to safeguard customer information should be uncontroversial. The Commission’s proposed enhancements would benefit both market participants and the customers they serve by requiring firms to guard against the risks that data breaches pose and respond to them appropriately when they do occur.
Read our full Comment Letter here or click the button below.