Elizabeth Kemery Sipes, Joshua James and David Zetoony
Abstract
Purpose
To provide a roadmap for financial services firms in designing some key policies and procedures relating to their cybersecurity programs, including document retention policies, creating incident response plans, and starting or evaluating a bounty program.
Design/methodology/approach
This article is divided into three parts: how to design a document retention policy, how to draft an effective incident response plan, and data privacy considerations for starting or evaluating a bounty program. The information is presented in narrative form as well as through a series of practical checklists, questions for consideration and tables to represent data collected from other sources or analyzed by the authors.
Findings
This article identifies best practices for data security with respect to document retention policies, incident response plans and bounty programs.
Originality/value
This article includes practical guidance regarding document retention policies, incident response plans and bounty programs from lawyers with experience in data privacy and security, investment management and fund formation. This information is of value to financial services firms, which face potential financial implications and increasing regulatory ramifications, including enforcement actions, fines and penalties, for the failure to adopt tailored cybersecurity programs.