Privacy | Capital Markets | Securities Regulation

Another Privacy Tightening Rule from the SEC

More administrative burden on business, or is there a rationale?

Kemal M. Lepschoque, LL.M.
Published in Friendly Legal
Jun 12, 2024

The U.S. Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P on May 16, 2024, to better protect customer information in the financial sector. These rules now require certain financial groups, like broker-dealers, investment companies, and SEC-registered advisers (“covered institutions”), to create clear plans for dealing with unauthorized access to customer data.

These covered institutions also need to quickly tell customers if their sensitive personal information might be at risk because of a security problem.

The updates fix older rules by making more types of covered institutions responsible for alerting customers about data breaches. Before, some institutions didn’t have to do this under the guidelines set in 2005.

Image: Another lengthy update from the SEC 📚 (Copyright by author ©, created with Canva assistance)

What Has Changed?

Response Program

The new regulations mandate that covered institutions establish an incident response program. The program is designed to quickly detect, handle, and recover from any unauthorized access to customer data. Here’s what needs to be done:
