Regulation S-P Changes: What You Need to Know

On May 16, 2024, the Securities and Exchange Commission (“SEC”) adopted significant amendments to Regulation S-P (“Reg S-P”). Among other changes, these amendments require covered institutions to create written policies and procedures for incident response programs addressing unauthorized access to or use of customer data.

What is Regulation S-P?

Reg S-P is a set of privacy rules governing the handling of consumers’ nonpublic personal information by covered financial institutions. Covered institutions include broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and SEC-registered transfer agents.

Why These Amendments Matter

Reg S-P, originally adopted in 2000, set foundational standards for how financial institutions safeguard customer information. The data security landscape has drastically changed over the past two decades, and technological advancements have facilitated the management of data at the cost of easier unauthorized access to personal information, increasing risks of data breaches and identity theft. With financial institutions managing increasing amounts of digital information and facing ever more complex cyber-criminal activity, robust data protection mechanisms are crucial. With these amendments, the SEC aims to modernize and enhance consumer financial information protection in light of today’s cybersecurity challenges.

  • Erwin Shustak
    Commercial Arbitration and Commercial Litigation in California

    Erwin Shustak

    goldErwin is a gold member
    finalist 2016Erwin was Member of the Year finalist in 2016