“SEC Addresses Cybersecurity Concerns About Stock-Investor Data,” The Wall Street Journal, March 27, 2019. SEC restricts personally identifiable information in shared investment database.
How do you collect and retain enough data to enforce securities laws but not put private information at too much risk of being hacked? Don’t businesses face similar dilemmas every day, when deciding how much protection/control to put around what information in their possession and control? Isn’t Governance the mechanism by which those decisions are made, and who makes them?