United States of America: Adopted SEC proposal to amend Regulation S-P to enhance protection of customer information

On 16 May 2024, the US Securities and Exchange Commission (SEC) adopted the amendments to Regulation S-P Privacy of Consumer Financial Information and Safeguarding Personal Information. The amendments aim to enhance the protection of customer information by requiring broker-dealers, investment companies, registered investment advisers, and transfer agents to adopt written policies and procedures for incident response programs to address unauthorised access to or use of customer information. The amendment also requires the institutions to provide notice, as soon as practicable, to individuals affected by certain data breaches that could put them at risk of identity theft or other harm. Furthermore, under the amendments, the protections of the safeguards and disposal rules will be extended to both non-public personal information that an institution collects about its own customers and to non-public personal information that an institution receives about customers of other financial institutions. The amendments will become effective 60 days after publication in the Federal Register.