NIST Privacy Framework

On January 27, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission issued a statement summarizing its observations of cybersecurity and operational resiliency practices of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants (the Observations). In its introduction to the Observations, the OCIE staff notes that cybersecurity is a key priority for OCIE. Therefore, although the OCIE staff acknowledges that there is not a “one-size fits all” approach to addressing cybersecurity, it recommends that SEC registrants assess their cybersecurity practices in light of the Observations.
Continue Reading OCIE Provides Observations on Cybersecurity and Operational Resiliency Best Practices

On January 28, the Commodity Futures Trading Commission (CFTC) announced that it will adopt the National Institute of Standards and Technology (NIST) Privacy Framework for data privacy protection. The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders (e.g., service providers, customers, partners) intended to help organizations identify and manage privacy risk