SEC amends Reg SP to require data breach notification within 30 days
News Brief, Compliance Week

By Aaron Nicodemus, 2024-05-16

The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.

On Thursday, the SEC approved amendments to Regulation S-P, known as the safeguards rule. The rule requires covered entities to have policies and procedures in place to safeguard and dispose of sensitive customer data, as well as provide privacy notices and opt-out procedures.

The amendments widen obligations for broker-dealers, funding portals, registered investment advisers, investment companies, and transfer agents to create and implement a data breach incident response program.

Firms that experience data breaches must inform affected customers as soon as practicable, but at least within 30 days after becoming aware a breach occurred, according to an SEC fact sheet. The notices must include details about the incident, the data breached, and how affected individuals can protect themselves. Firms that determine sensitive customer information has not been, and is not reasonably likely to be, used in a manner that would result in substantial harm or inconvenience are exempt.

The amendments also expand the type of nonpublic personal information covered beyond what the firm itself collects to include personal information the firm has received from another financial institution.

Regulation S-P had not been significantly updated since it was adopted in 2000. The agency proposed amendments in March 2023.

"I believe that these amendments will help customers maintain their privacy and protect themselves. The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors," SEC Chair Gary Gensler said in a statement.

SEC Commissioner Hester Peirce, who supported the amendments, expressed concern the breadth of the new rules would force firms to send so many breach notices that customers would simply ignore them.

"How does your behavior change if you start getting a notice every few months? Or every month? Or every week? What if you get notifications from multiple entities related to the same breach?" she asked in a statement.

The amendments take effect 60 days after publication in the Federal Register, with a compliance date of 18 months after the effective date for larger firms and two years for smaller firms.