The SEC proposed amendments to Regulation S-P, which implements the privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act for entities regulated by the SEC. The proposed amendments would set forth more specific requirements for safeguarding information and responding to information security breaches, and broaden the scope of the information covered by Regulation S-P's safeguarding and disposal provisions. They also would extend the application of the disposal provisions to natural persons associated with brokers, dealers, investment advisers and transfer agents registered with the SEC. Comments must be received on or before May 12, 2008.
Regulation S-P requires institutions to safeguard customer records and information, while other sections of the regulation implement the notice and opt out provisions of the GLBA. The safeguards rule currently requires institutions to adopt written policies and procedures for administrative, technical and physical safeguards to protect customer records and information. In an attempt to prevent and address security breaches in the securities industry, the SEC proposes to amend Regulation S-P in four principal ways:
- Require more specific standards under the safeguards rule, including standards that would apply to data security breach incidents;
- Amend the scope of the information covered by the safeguards and disposal rules and to broaden the types of institutions and persons covered by the rules;
- Require institutions subject to the safeguards and disposal rules to maintain written records of their policies and procedures and their compliance with those policies and procedures; and
- Adopt a new exception from Regulation S-P's notice and opt-out requirements to allow investors more easily to follow a representative who moves from one brokerage or advisory firm to another.
Please click http://sec.gov/rules/proposed/2008/34-57427.pdf for a copy of proposing release.