Cybersecurity Guidance from Canadian Securities Administrators

On October 19, 2017, the Canadian Securities Administrators (“CSA”) published Staff Notice 33-321 Cyber Security and Social Media to report on a survey of cybersecurity and social media practices by firms registered to trade securities or to advise clients regarding securities, and to provide guidance regarding cybersecurity and social media practices. The Staff Notice supplements the CSA’s 2016 Staff Notice 11-332 Cyber Security.

The CSA’s 2017 Staff Notice 33-321 Cyber Security and Social Media reports on the results of a survey of firms’ cybersecurity and social media practices. The Staff Notice reminds that securities market participants are a known target of cyber criminals, and emphasizes that all firms, regardless of size or functions outsourced to related entities, should have appropriate cybersecurity policies and procedures. The Staff Notice provides specific guidance for cybersecurity practices relating to the following issues: (1) policies/procedures; (2) training; (3) risk assessments; (4) incident response plan; (5) service provider due diligence; (6) data protection; and (7) insurance.

To read our bulletin on this topic, click here.

This content has been updated on October 27, 2017 at 17 h 28 min.