SEC Adopts Regulation S-P Enhancements

Regulation S-P was adopted by the SEC in 2000, and while it has required registered funds to adopt written policies and procedures covering safeguards that protect customer records and information, it did not previously include procedures to address data breach responses or notification.  On May 16, the SEC adopted rule amendments that require registered funds, among other entities, to adopt written incident response procedures to address unauthorized access to customer information, including notification procedures that provide details about the incident designed to help facilitate timely and appropriate responses. The amendments also extend safeguarding requirements to transfer agents and broaden the scope of information covered by safeguarding customer records.  In addition, the amendments include provisions for the proper disposal of customer report information and address privacy notice delivery provisions.

Click here to read an SEC press release covering the final rule.
Click here to read the final S-P Enhancements rule.
Click here to view a fact sheet covering the final rule.