Futures and Derivatives Industry Regulatory Developments (May 2024)
SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of
Customer Information (2024/5/16)
The Securities and Exchange Commission today announced the adoption of
amendments to Regulation S-P to modernize and enhance the rules that govern the
treatment of consumers’ nonpublic personal information by certain financial
institutions. The amendments update the rules’ requirements for broker-dealers
(including funding portals), investment companies, registered investment advisers,
and transfer agents (collectively, “covered institutions”) to address the expanded use
of technology and corresponding risks that have emerged since the Commission
originally adopted Regulation S-P in 2000.
“Over the last 24 years, the nature, scale, and impact of data breaches has
transformed substantially,” said SEC Chair Gary Gensler. “These amendments to
Regulation S-P will make critical updates to a rule first adopted in 2000 and help
protect the privacy of customers’ financial data. The basic idea for covered firms is if
you’ve got a breach, then you’ve got to notify. That’s good for investors.”
The amendments require covered institutions to develop, implement, and
maintain written policies and procedures for an incident response program that is
reasonably designed to detect, respond to, and recover from unauthorized access to or
use of customer information. The amendments also require that the response program
include procedures for, with certain limited exceptions, covered institutions to provide
notice to individuals whose sensitive customer information was or is reasonably likely
to have been accessed or used without authorization.
The amendments require a covered institution to provide notice as soon as
practicable, but not later than 30 days, after becoming aware that an incident
involving unauthorized access to or use of customer information has occurred or is
reasonably likely to have occurred. The notice must include details about the incident,
the breached data, and how affected individuals can respond to the breach to protect