Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information

Document Headings Document headings vary by document type but may contain the following: the agency or agencies that issued and signed a document the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to the agency docket number / agency internal file number the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details. Securities and Exchange Commission 17 CFR Parts 240, 248, 270, and 275 [Release Nos. 34-100155; IA-6604; IC-35193; File No. S7-05-23] RIN 3235-AN26 AGENCY: Securities and Exchange Commission. ACTION: Final rule. SUMMARY: The Securities and Exchange Commission (“Commission” or “SEC”) is adopting rule amendments that will require brokers and dealers (or “broker-dealers”), investment companies, investment advisers registered with the Commission (“registered investment advisers”), funding portals, and transfer agents registered with the Commission or another appropriate regulatory agency (“ARA”) as defined in the Securities Exchange Act of 1934 (“transfer agents”) to adopt written policies and procedures for incident response programs to address unauthorized access to or use of customer information, including procedures for providing timely notification to individuals affected by an incident involving sensitive customer information with details about the incident and information designed to help affected individuals respond appropriately. In addition, the amendments extend the application of requirements to safeguard customer records and information to transfer agents; broaden the scope of information covered by the requirements for safeguarding customer records and information and for properly disposing of consumer report information; impose requirements to maintain written records documenting compliance wit…