In case you thought that the SEC’s interest in cybersecurity breaches was limited to public companies, think again. On May 16, 2024, the SEC adopted amendments to Regulation S-P, which governs the treatment of nonpublic personal information about customers by certain financial institutions. The amendments apply to broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents. Specifically, they:

  • require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information;
  • require response programs to include procedures for covered institutions to provide timely notification to affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization; and
  • broaden the scope of information covered by Regulation S-P's requirements.

The amendments also:

  • expand and align the safeguards and disposal rules to cover both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information it receives from another financial institution about customers of that financial institution;
  • require covered institutions, other than funding portals, to make and maintain written records documenting compliance with the requirements of the safeguards rule and disposal rule;
  • conform Regulation S-P’s annual privacy notice delivery provisions to the terms of an exception added by the FAST Act, which provides that covered institutions are not required to deliver an annual privacy notice if certain conditions are met; and
  • extend both the safeguards rule and the disposal rule to transfer agents registered with the Commission or another appropriate regulatory agency.

Larger entities will have 18 months following publication of the final rules in the Federal Register to comply with the amendments; smaller entities will have 24 months from the date of such publication to comply.

Please direct any questions or observations to Gunster securities law and corporate governance practice leader Bob Lamm or its banking and financial services practice leader, Greg Bader.


This publication is for general information only. It is not legal advice, and legal counsel should be contacted before any action is taken that might be influenced by this publication.

About Gunster
Gunster, Florida’s law firm for business, provides full-service legal counsel to leading organizations and individuals from its 13 offices statewide. Established in 1925, the firm has expanded, diversified and evolved, but always with a singular focus: Florida and its clients’ stake in it. A magnet for business-savvy attorneys who embrace collaboration for the greatest advantage of clients, Gunster’s growth has not been at the expense of personalized service but because of it. The firm serves clients from its offices in Boca Raton, Fort Lauderdale, Jacksonville, Miami, Naples, Orlando, Palm Beach, Stuart, Tallahassee, Tampa Bayshore, Tampa Downtown, Vero Beach, and its headquarters in West Palm Beach. With more than 280 attorneys and consultants, and over 290 committed support staff, Gunster is ranked among the National Law Journal’s list of the 500 largest law firms and has been recognized as one of the Top 100 Diverse Law Firms by Law360. More information about its practice areas, offices and insider’s view newsletters is available at www.gunster.com
