Futures and Derivatives Industry Regulatory Developments (May 2024)




SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of Customer Information (2024/5/16)



The Securities and Exchange Commission today announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update the rules’ requirements for broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents (collectively, “covered institutions”) to address the expanded use of technology and corresponding risks that have emerged since the Commission originally adopted Regulation S-P in 2000.


“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” said SEC Chair Gary Gensler. “These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.”


The amendments require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information. The amendments also require that the response program include procedures for, with certain limited exceptions, covered institutions to provide notice to individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization.


The amendments require a covered institution to provide notice as soon as practicable, but not later than 30 days, after becoming aware that an incident involving unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. The notice must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect


