SEC amends Reg S-P to require data breach notification within 30 days
By 
Aaron Nicodemus2024-05-16T19:10:00
The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
On Thursday, the SEC approved amendments to Regulation S-P, known as the safeguards rule. The rule requires covered entities to have policies and procedures in place to safeguard and dispose of sensitive customer data, as well as provide privacy notices and opt out procedures.
The amendments widen obligations for broker-dealers, funding portals, registered investment advisers, investment companies, and transfer agents to create and implement a data breach incident response program.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefSEC official clarifies material incident reporting under new cyber rule
Erik Gerding, director of the Securities and Exchange Commission’s Division of Corporation Finance, issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.
-
News BriefSEC risk alert flags branch office cybersecurity controls
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.
-
News Brief
SEC proposes Reg S-P updates on incident response, breach notifications
The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
More from Regulatory Policy
-
PremiumQ&A with FINRA’s Greg Ruppert on the organization’s use of Artificial Intelligence
Greg Ruppert, Chief Regulatory Operations Officer at the Financial Industry Regulatory Authority (FINRA), recently shared insights with Compliance Week regarding the self-regulatory organization’s use of Artificial Intelligence in monitoring trends in the market, spotting threats, and keeping its members informed.
-
PremiumEU financial firms must prepare now for new rules on critical third-party arrangements
European banks and financial institutions must prepare now for stringent new rules on third-party suppliers.
-
ArticleTrump tirade against DEI turns to proxy advisors and shareholder proposals
President Donald Trump has directed the Securities and Exchange Commission (SEC) to review—and remove—any SEC rules or guidance that allow proxy advisors to influence business practices related to diversity, equity and inclusion (DEI) and environmental, social and governance (ESG) policies.