Information Security: Obligations and Expectations

Information security is not only a good idea — it is also a legal obligation. Federal and state laws impose obligations on businesses, including investment advisers, to keep their data secure. Most of these laws focus on requiring businesses to take reasonable security measures. While it may take regulators and courts years to clearly define what exactly those are, best practices that facilitate compliance can and should be developed and followed now. In this White Paper, SRZ partners Jason S. Kaplan and Holly H. Weiss, former SRZ partner Robert R. Kiesel and former SRZ attorney Michael L. Yaeger outline information security issues that businesses need to address, from complying with the SEC’s recent Risk Alert concerning the OCIE’s cybersecurity policy examinations to handling human resources and insurance concerns.