Abstract

Purpose To provide a roadmap for financial services firms in designing some key policies and procedures relating to their cybersecurity programs, including document retention policies, creating incident response plans, and starting or evaluating a bounty program. Design/methodology/approach This article is divided into three parts: how to design a document retention policy, how to draft an effective incident response plan, data privacy considerations for starting or evaluating a bounty program. The information is presented in narrative form as well as through a series of practical checklists, questions for consideration and tables to represent data collected from other sources or analyzed by the authors. Findings This article identifies best practices for data security with respect to document retention policies, incident response plans and bounty programs. Originality/value This article includes practical guidance regarding document retention policies, incident response plans and bounty programs from lawyers with experience in data privacy and security, investment management and fund formation. This information is of value to financial services firms, which face potential financial implications and increasing regulatory ramifications, including enforcement actions, fines and penalties, for the failure to adopt tailored cybersecurity programs.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.