In an effort stop identity theft and intrusions into online brokerage accounts, the SEC has proposed amendments to Regulation S-P to provide more specific requirements for protecting personal information. Regulation S-P requires certain institutions to safeguard customer records and information. It was adopted in 2000 in direct response to the Gramm-Leach-Bliley Act, which requires every financial institution to inform its customers about its privacy policies and imposes limits on the disclosure of personal customer information to third parties.
The proposed amendments to Regulation S-P create more specific requirements for protecting information and responding to security breaches, including requiring financial institutions to designate which employees coordinate information security programs. The amendments also broaden the scope of the disposal of customer records and information and the requirements for such disposal. The SEC has specifically requested comment on what should be considered “personal information.”
Finally, the amendments permit some transfer of information to third parties without notice to the investor when the investor follows a representative who moves from one brokerage or advisory firm to another. The proposed exemption would allow firms with departing representatives to share limited customer information with the new firm for use in contacting the investor and offering a choice about whether to follow the representative to the new firm. The proposal is presented as a way of maximizing choice for the investor.
The SEC is accepting comments for 60 days from publication. Presumably some comments will address what the new rules mean in terms of the costs of compliance.