SEC requires financial institutions to notify customers of breaches within 30 days

The Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal information by certain financial institutions.

“These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.”

The amendments require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

The amendments also require that the response program include procedures for, with certain limited exceptions, covered institutions to provide notice to individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization.

The amendments require a covered institution to provide notice as soon as practicable, but not later than 30 days, after becoming aware that an incident involving unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred.

The amendments will become effective 60 days after publication in the Federal Register.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:
GET STARTED TODAY

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
PCI-DSS
This field is for validation purposes and should be left unchanged.

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

2024 EDITION

PENETRATION TESTING Buyer's Guide

Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.