The 2011 PG&E Data Breach from the PG&E Microsoft Sharepoint Server
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoNyRynomd4CrjLLq55Lfqd13233PDWjwJ3l5eYJtZpgHMhGIFGqZ1aGVRv4G4_KMCjwyyL3DoKtwix98G5aZHwm14zwFPgqtrToNj0nchKI1w1HiqceqNs3IIF3-7b9kleToScW8w8q8sxJ0/s1600/20110707-PGE-Terrorism-Stolen-Maps.PNG"
17 CFR § 248.30 - Procedures to safeguard customer records and information; disposal of consumer report information.
§ 248.30 Procedures to safeguard customer records and information; disposal of consumer report
information.
(a) Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt written policies and procedures that
address administrative, technical, and physical safeguards
for the protection of customer records and information. These written policies and
procedures must be reasonably designed to:
(1) Insure the security and confidentiality of customer records and information;
(2) Protect against any anticipated threats or hazards to
the security or integrity of customer records and information; and
(3) Protect against unauthorized access to or use
of customer records or information that could result in
substantial harm or inconvenience to any customer.
(b) Disposal of consumer report information and records -
(1) Definitions (i) Consumer report has the same meaning as in section 603(d) of
the Fair Credit Reporting Act (15 U.S.C. 1681a(d)).
(ii) Consumer report information means any record about an individual, whether in
paper, electronic or other form, that is a consumer report
or is derived from a consumer report. Consumer report
information also means a compilation of such records.
Consumer report information does not include information
that does not identify individuals, such as aggregate
information or blind data.
(iii) Disposal means:
(A) The discarding or abandonment of consumer report
information; or
(B) The sale, donation, or transfer of any medium,
including computer equipment, on which consumer report
information is stored.
(iv) Notice-registered broker-dealers means a broker or dealer registered by notice with
the Commission under section 15(b)(11) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(b)(11)).
(v) Transfer agent has the same meaning as in section 3(a)(25) of
the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(25)).
(2) Proper disposal requirements -
(i) Standard. Every broker and dealer other than notice-registered
broker-dealers, every investment company, and every investment adviser and transfer agent registered with the Commission, that maintains or otherwise possesses consumer report
information for a business purpose must properly dispose of
the information by taking reasonable measures to protect
against unauthorized access to or use of the information in
connection with its disposal.
(ii) Relation to other laws. Nothing in this section shall be construed:
(A) To require any broker, dealer, or investment company, or any investment adviser or transfer agent registered with the Commission to maintain or destroy any record pertaining to an
individual that is not imposed under other law; or
(B) To alter or affect any requirement imposed under any
other provision of law to maintain or destroy any of those
records.
[65 FR 40362, June 29, 2000, as amended at 69 FR 71329, Dec. 8, 2004]
No comments:
Post a Comment