The SEC today published in the Federal Register its Regulation SCI (Regulation Systems Compliance and Integrity), which requires key market participants to have and implement written policies and procedures reasonably designed to ensure the availability, confidentiality and integrity of their systems as necessary to assure the fair and orderly operation of the markets.  Among the specific requirements are periodic testing, annual systems review and disclosure of “SCI events” – including both functional and security issues.  In addition to security issues, the new regulation is aimed in part at avoiding incidents like the “flash crash” of 2010 and the operational problems that occurred during the Facebook IPO in 2012.

A “systems intrusion” will be defined as “any unauthorized entry into the SCI systems or SCI security systems of an SCI entity.”  While there is no materiality threshold, the SEC does make it clear that unsuccessful attempts at unauthorized entry will not be treated as a Systems Intrusion.

Latham will soon publish a detailed analysis of new Regulation SCI as a Client Alert that will be available here on the Global Privacy & Security Blog as well as on the firm’s website. If you would like to be sent a copy, please subscribe to the blog.

Jennifer Archie

A 20-year member of the Washington, D.C. Litigation Department, Jennifer Archie advises some of the largest online brands and US corporations on a broad array of privacy and data security matters, investigations, and lawsuits. Her specific areas of expertise and interest include representing companies before the US Federal Trade Commission in response to agency investigations of consumer marketing or privacy practices, defending privacy and deceptive practices lawsuits, rendering practical privacy and security advice for global companies in consultation with her colleagues in Europe and elsewhere, advising on individual marketing and promotional campaigns with a special focus on social media and social gaming, and advising global businesses on (authorized) data collection, use, storage, and export practices.

Kevin Boyle

Kevin Boyle advises clients on security and privacy issues arising in connection with a broad array of transactions as well as in responding to security incidents and dealing with promotion and marketing issues. Working with enterprises large, small and in between, he guides clients in developing practical solutions to privacy and security compliance issues that reduce both risk and cost. Kevin’s approach is guided by his role as chair of Latham’s global security and privacy compliance program where he “enjoys” a client’s perspective of many of the issues that face privacy and security professionals. With the firm since 1987, Kevin has nearly 15 years of experience in dealing with privacy and security issues.