SEC proposes Reg S-P updates on incident response, breach notifications
By 
Kyle Brasseur2023-03-15T17:45:00
The Securities and Exchange Commission (SEC) on Wednesday proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.
The proposed amendments would update Regulation S-P to “address the expanded use of technology and corresponding risks” that have come with innovation since the rule was first adopted in 2000, the SEC said in a press release. The agency noted its proposed changes were informed by comments in response to an abandoned 2008 proposal to amend Reg S-P in a similar manner.
The new proposal will be subject to a 60-day comment period following publication in the Federal Register.
Related articles
-
News BriefSEC amends Reg S-P to require data breach notification within 30 days
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
-
News BriefFTC tweaks Safeguards Rule to address data breaches
Nonbank financial institutions must report certain data breaches to the Federal Trade Commission within 30 days of discovery under a new amendment to the agency’s Safeguards Rule.
-
PremiumSEC’s Grewal spotlights enforcement focus on cyber disclosures
The No. 1 priority at the Securities and Exchange Commission after organizations are impacted by a cybersecurity incident is that investors receive timely and accurate disclosures, according to Enforcement Division Director Gurbir Grewal.
More from Regulatory Policy
-
ArticleNine states collaborating on data privacy enforcement across state lines
Nine states are collaborating to write and enforce comprehensive data privacy laws, in an effort to protect consumers across jurisdictions and due to the absence of a broad, federal privacy law.
-
News BriefFINTRAC hits British Columbia crypto firm with record $125M penalty for AML failures
Canada’s financial intelligence agency has issued its largest-ever penalties against a cryptocurrency exchange, a fine of $126 million (CA$176.9 million). The agency said the exchange’s compliance failures represented a “severe breach of Canada’s anti–money laundering framework.”
-
ArticleNYDFS to firms: apply cybersecurity rules to third-parties
The New York State Department of Financial Services (NYDFS) wants financial firms to step up their game when it comes to third parties and cybersecurity.