Texas Administrative Code
Title 7 - BANKING AND SECURITIES
Part 7 - STATE SECURITIES BOARD
Chapter 116 - INVESTMENT ADVISERS AND INVESTMENT ADVISER REPRESENTATIVES
Section 116.23 - Notice of Cybersecurity Incident

Universal Citation: 7 TX Admin Code ยง 116.23

Current through Reg. 49, No. 38; September 20, 2024

(a) Definitions. The following words and terms, when used in this section, shall have the following meanings, unless the context clearly indicates otherwise.

(1) Cybersecurity incident--
(A) the unauthorized acquisition of computerized or electronic data that compromises the security, confidentiality, or integrity of sensitive personal information being maintained;

(B) an occurrence that otherwise jeopardizes the security of the information system or the information the system processes, stores or transmits; or

(C) violates the security policies, security procedures or acceptable use policies of the information system owner to the extent such occurrence results from unauthorized or malicious activity.

(2) Information system--a set of applications, services, information technology assets or other information-handling components organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of electronic information, which is maintained by the investment adviser, an affiliate, or a third party service provider at the direction of the investment adviser.

(3) "Triggering event" means a cybersecurity incident regarding the information system maintained by or on behalf of the investment adviser, that will require:
(A) submission of a notice to a state or federal agency, law enforcement, or to a self-regulatory body; or

(B) sending a data breach notification to customers of the investment adviser under applicable state or federal law, including Business and Commerce Code, § RSA 521.053, or a similar law of another state.

(b) Notice to the Securities Commissioner. When a triggering event occurs that does or may affect customers or clients of the investment adviser located in Texas, the registered investment adviser must provide notice to the Securities Commissioner at the time the notice or notification identified in paragraph (3)(A) or (3)(B) of subsection (a) of this section occurs.

(c) Content of notice. The notice required by subsection (b) of this section is met by the registered investment adviser forwarding a copy of the notice or notification identified in paragraph (3)(A) or (3)(B) of subsection (a) of this section or other document containing substantially the same information. Additionally, if such information is available to the registered investment adviser at the time the notice is provided, the investment adviser should identify the number of customers located in Texas affected by the triggering event.

Disclaimer: These regulations may not be the most recent version. Texas may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.