On March 15th, the SEC proposed enhancements to Regulation S-P, the regulation which protects the privacy of consumer financial information. The proposed changes would require covered institutions (broker-dealers, investment companies, registered investment advisers, and transfer agents) to keep affected individuals apprised of certain types of data breaches that may put them at risk.
More specifically, should the proposed amendments be approved, they would improve protections of customer information by:
widening the range of information covered by Regulation S-P’s requirements
requiring covered institutions to establish written policies and procedures for an incident response program to address unauthorized access to or use of customer information
requiring covered institutions to have written policies and procedures to provide timely notification to affected individuals whose sensitive customer information may be or may have been accessed or used without authorization
The proposal is open for public comment for 60 days after the date of publication of the proposing release
in the Federal Register. To submit feedback, interested parties may us the SEC’s internet comment form or send an email to email@example.com with the File Number S7-05-23 in the subject line.