More SEC rules, this time mandating financial firms inform victims of data breaches within 30 days!
Why wasn't this already a requirement?
Last year, the SEC instituted requirements for publicly traded companies to inform investors of material cybersec