Cybersecurity Amendments to Reg S-P

Key Takeaways: On May 16, 2024, the SEC finalized significant cybersecurity amendments to Regulation S-P that largely adopt the proposed amendments the SEC issued last year. Amended S-P represents a substantial expansion of the protections available to the customers of institutional securities market participants under the federal securities laws. The final rule establishes a new […]

Jun 3, 2024 - 19:55
0
Cybersecurity Amendments to Reg S-P
Posted by Charu Chandrasekhar, Johanna Skrzypczyk and Suchita Mandavilli Brundage, Debevoise & Plimpton LLP, on Monday, June 3, 2024
Editor's Note:

Charu Chandrasekhar is a Partner Johanna Skrzypczyk is Counsel, and Suchita Mandavilli Brundage is an at Associate Debevoise & Plimpton LLP. This post is based on a Debevoise memorandum by Ms. Chandrasekhar, Ms. Skrzypczyk, Ms. Brundage, Avi Gesser, Kristin Snyder, and Ned Terrace.

Key Takeaways:

  • On May 16, 2024, the SEC finalized significant cybersecurity amendments to Regulation S-P that largely adopt the proposed amendments the SEC issued last year.
  • Amended S-P represents a substantial expansion of the protections available to the customers of institutional securities market participants under the federal securities laws. The final rule establishes a new federal minimum standard for data breach notification at such firms, expands the definition of “customer information,” requires the adoption of policies and procedures for incident response and service provider oversight, and imposes new recordkeeping obligations.

(more…)

Read More