Since 2000, technological advances have transformed how customers interact with financial institutions and how such firms store, process and protect personal information. The proliferation of large-scale hacks and data breaches throughout this time simultaneously demonstrated the difficulty of data protection given the ever-evolving nature of cybercrime. Despite these developments, the SEC has failed to update Regulation S-P, or promulgate additional binding cybersecurity rules, until now. A recent article in the New York Law Journal by Ropes & Gray attorneys Edward McNicholas and Briana Fasone takes a deeper dive at this new development.  You can read the full New York Law Journal article here.