On September 22, 2015, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered investment adviser (the “RIA”) for violations of the Gramm-Leach-Bliley Act’s “safeguards rule” adopted under Regulation S-P.1 These violations occurred immediately prior to a cybersecurity breach of the RIA’s systems, in which the hackers may have obtained personally identifiable information (“PII”) of 100,000 individuals.

Continue reading.