Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information

The Securities and Exchange Commission (“Commission” or “SEC”) is adopting rule amendments that will require brokers and dealers (or “broker-dealers”), investment companies, investment advisers registered with the Commission (“registered investment advisers”), funding portals, and transfer agents registered with the Commission or another appropriate regulatory agency (“ARA”) as defined in the Securities Exchange Act of 1934 (“transfer agents”) to adopt written policies and procedures for incident response programs to address unauthorized access to or use of customer information, including procedures for providing timely notification to individuals affected by an incident involving sensitive customer information with details about the incident and information designed to help affected individuals respond appropriately. In addition, the amendments extend the application of requirements to safeguard customer records and information to transfer agents; broaden the scope of information covered by the requirements for safeguarding customer records and information and for properly disposing of consumer report information; impose requirements to maintain written records documenting compliance with the amended rules; and conform annual privacy notice delivery provisions to the terms of an exception provided by a statutory amendment to the Gramm-Leach-Bliley Act (“GLBA”).