SEC Proposes Cybersecurity Incident Reporting and Broker-Dealer Cyber Risk Management Requirements | Morgan Lewis


The US Securities and Exchange Commission (SEC) issued a notice of proposed rulemaking (the Proposal) on March 15 that would require SEC-regulated investment advisers, investment companies, and broker-dealers to provide notice to individuals affected by certain types of data breaches, along with other related requirements. The Proposal was part of a spate of privacy proposals issued by the SEC and follows other recent proposals.

Currently, the SEC’s Regulation S-P “Safeguards Rule” requires SEC-regulated investment advisers, investment companies, and broker-dealers (collectively, Covered Entities) to adopt written policies and procedures for administrative, technical, and physical safeguards to protect customer records and information, but it does not include a requirement to notify affected individuals in the event of a data breach. Covered Entities generally respond to data breaches according to applicable state data breach notification laws.


The Proposal would require Covered Entities to notify individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization.

It would also require covered…
