SEC Proposes Amendments to Regulation S-P

The Securities and Exchange Commission (SEC) has proposed amendments to Regulation S-P, which sets forth privacy obligations for entities it regulates. To help prevent and address security breaches and better protect investor information, the SEC proposes to amend Regulation S-P in four principal ways. First, the proposed amendments would require more specific standards under the safeguards rule, including standards that would apply to data security-breach incidents. Second, they would amend the scope of the information covered by the safeguards and the disposal rules, and broaden the types of institutions and persons covered by the rules. Third, the proposed amendments would require institutions subject to the safeguards and the disposal rules to maintain written records of their policies and procedures and their compliance with those policies and procedures. Finally, the amendments provide a new exception from Regulation S-P's notice and opt-out requirements to allow investors to more easily follow a representative who moves from one brokerage or advisory firm to another.

More specifically, the proposed amendments would further develop the current safeguards rule in Regulation S-P by requiring each institution subject to the safeguards rule to develop, implement, and maintain a comprehensive "information security program," including written policies and procedures that provide administrative, technical, and physical safeguards for protecting personal information, and for responding to unauthorized access to or use of personal information. The proposed amendments would also specify particular elements that a program meeting the requirements of Regulation S-P must include.

For the full story, please view the PDF.