•  
  •  
 

Abstract

I. Introduction

II. Modern Threats to Sensitive Data

III. The FTC’s Approach to Data Security

IV. The SEC’s Approach to Data Security ... A. The Safeguards Rule ... 1. Development of the Safeguards Rule ... 2. Safeguards Rule Enforcement Actions ... a. NEXT Financial Group ... b. LPL Financial Corp ... c. J. P. Turner & Co. and Stephen Bauman ... d. Commonwealth Equity Services ... e. GunnAllen Financial ... f. R. T. Jones Capital Equities Management ... g. Craig Scott Capital ... h. Morgan Stanley Smith Barney ... B. Other Statutes and Regulations ... 1. Statutes and Regulations the SEC Has Threatened to Use ... 2. Statutes and Regulations the SEC Has Actually Used

V. Reasons to Reject the Status Quo ... A. Reasons Opponents of the FTC’s Approach Would Reject the SEC’s Approach ... B. Reasons Proponents of the FTC’s Approach Would Reject the SEC’s Approach

VI. A Three-Part Proposal for Achieving the SEC’s Data-Security Goals ... A. Amendments to the Safeguards Rule ... 1. Text of the Proposed Regulation ... 2. Good Faith Obligation ... 3. Duty to Update ... 4. Recordkeeping Requirement ... 5. Definitions ... 6. Removal of the Current Subsection (b) ... B. Application of the Safeguards Rule Amendments to Other Statutes and Regulations ... 1. Investment-Company and Investment-Adviser Compliance Rules ... 2. Identity Theft Red Flags Rules ... 3. Investment-Company Redemption Rules ... 4. Rule 10 of Regulation S-P ... 5. Broker-Dealer Recordkeeping Rules ... C. Enforcement of the New Safeguards Rule

VII. Possibilities the SEC Should Reject ... A. Establish a Checklist of Specific Data-Security Standards with Which Investment Intermediaries Must Comply ... B. Aggressively Enforce the Safeguards Rule as It Currently Exists ... C. Cease Regulating Data-Security Practices

VIII. Conclusion

Appendix: Safeguards Rule Proceedings

Share

COinS