RIAs, BDs Must Tell Clients About Data Breaches: SEC

Leaked data breach

The Securities and Exchange Commission has updated its rules governing the way financial institutions treat consumers’ private personal information, adopting amendments reqiring firms to notify investors after data breaches.

The SEC announced Thursday that it modernized and enhanced Regulation S-P, which requires certain firms to notify customers about how the institutions use their nonpublic personal information.

The new amendments update the rules’ requirements for broker-dealers, investment companies, registered investment advisors and transfer agents and others, addressing the expanded use of technology and corresponding risks that have emerged since the SEC adopted Regulation S-P in 2000.

“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” SEC Chair Gary Gensler said.

“These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.”

See also  How to File a Life Insurance Claim With Citizens National Life Insurance Company