The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. […]
from https://www.bleepingcomputer.com/news/security/sec-financial-orgs-have-30-days-to-send-data-breach-notifications/