ARTICLE
20 May 2024

SEC Adopts Enhanced Privacy Safeguards

KG
K&L Gates

Contributor

K&L Gates logo
At K&L Gates, we foster an inclusive and collaborative environment across our fully integrated global platform that enables us to diligently combine the knowledge and expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry, capital markets participants, and ambitious middle-market and emerging growth companies. Our lawyers also serve public sector entities, educational institutions, philanthropic organizations, and individuals. We are leaders in legal issues related to industries critical to the economies of both the developed and developing worlds—including technology, manufacturing, financial services, health care, energy, and more.
Explore
On 16 May 2024, the US Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P's safeguards and disposal rules.
United States Corporate/Commercial Law
Photo of Richard F. Kerr
Photo of Brian Doyle-Wenger
Photo of Sasha Burstein
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

On 16 May 2024, the US Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P's safeguards and disposal rules. The amendments are designed to address the expanded use of technology and corresponding risks that have emerged since the original adoption of Regulation S-P in 2000. The amendments expand the scope of information and broaden the number of customers protected under both rules. The safeguards and disposal rule will apply to "customer information", which includes records that contain "nonpublic personal information" as defined in the existing rule. Additionally, the amended rule expands the applicability of the safeguards rule to include transfer agents, and the disposal rules to include all transfer agents including those registered with appropriate regulatory authorities other than the SEC.

Under the amended safeguards rule, brokers-dealers (including crowdfunding portals), investment companies, transfer agents and registered investment advisers will be required to:

  • Have written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from an unauthorized access to or use of customer information.
  • Notify individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization as soon as reasonably practicable, but not later than 30 days after becoming aware that unauthorized access has or reasonably likely has occurred.
  • Have policies and procedures designed to oversee monitoring of service providers.

The effective date for the amendments will be 60 days after publication in the Federal Register, with compliance dates of 18 months for investment companies with net assets of US$1 billion or more, registered investment advisers with assets under management of US$1.5 billion or more, and broker-dealers and transfer agents that are not small entities under the Securities Exchange Act of 1934. Other covered institutions will have 24 months after publication in the Federal Register to comply with the new rules. We will provide more details on the amendments in an upcoming client alert.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Richard F. Kerr
Richard F. Kerr
Photo of Brian Doyle-Wenger
Brian Doyle-Wenger
Photo of Sasha Burstein
Sasha Burstein
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More