FINRA to Member Firms: “You Heard the SEC, Create Plans for Data Breaches Now!”
Broker Dealer Law blog
On May 15, 2024, the SEC announced it would make amendments to Regulation S-P (Reg S-P). This will be the first amendment to the regulation since its adoption 24 years ago in 2000. The regulation focuses on how institutions handle customers’ private personal information. The amendment comes in response to the ever-evolving technologies that expose individuals’ sensitive data to potential security breaches. SEC Chair Gary Gensler stated “Over the last 24 years, the nature, scale and impact of data breached has transformed substantially” and that “amendments to regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data.”
The new amendments to Reg S-P require firms to (1) have an incident response program, including written policies and procedures, (2) provide notice to customers in the event of a breach no later than 30 days of its discovery, and (3) provide oversight through due diligence and monitoring of service providers, though firms ultimately retain the burden of ensuring that notice of any breach is provided to affected customers per Reg S-P’s requirements.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.
Meet the Authors
