The new amendments to Regulation S-P, which will require registered broker-dealers, investment companies and registered investment advisors to have policies in place to protect customer data, were recently finalized by the U.S. Securities & Exchange Commission (SEC).

Initially proposed in March 2023, the new amendments will require “covered institutions” to notify individuals who were affected by a data breach within 30 days as part of an “incident response program.”

In an interview with PlanAdviser, Corporate Investigations & White Collar Defense partner David Oliwenstein said that, unless covered parties reasonably determine there is minimal risk of “substantial harm or inconvenience” in regard to sensitive customer information, covered institutions must disclose a breach to impacted individuals.

Employee training, network security, internal escalation of incidents and confirmation and classification of incidents are among the items that the SEC will require other firms to maintain as part of an incident response program, he added.
