Information security is not only a good idea — it is also a legal obligation. Federal and state laws impose obligations on businesses, including investment advisers, to keep their data secure. Most of these laws focus on requiring businesses to take reasonable security measures. While it may take regulators and courts years to clearly define

Cybersecurity continues to be a priority for the Securities and Exchange Commission. The SEC’s Office of Compliance Inspections and Examinations conducted a cybersecurity “sweep” examination in 2014 and released a summary of its results in early 2015. The SEC’s Division of Investment Management — which regulates investment companies and investment advisers — has now issued

Earlier this week, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert providing observations derived from its “Cybersecurity Examination Initiative,” which was announced on April 15, 2014. The Risk Alert is based on OCIE’s examinations of the cybersecurity policies and practices of 57 registered broker-dealers and 49 registered investment advisers. While