On March 15, 2023 the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, while simultaneously issuing two additional cybersecurity-related rule proposals[1] and re-opening the comment period for its previously-proposed cybersecurity risk management rule released in February 2022.[2] This set of sweeping reforms makes it clear, if not already, that the SEC is serious about implementing comprehensive cybersecurity and privacy standards across its regulated entity population—including investment advisers.
Regulation S-P
Privacy in the Time of Pandemic: COVID-19 Provides Opportunity to Revisit Regulation S-P Privacy Policies
With more people working remotely than ever before in light of COVID-19, firms in the private equity and hedge fund space should review their Regulation S-P privacy and information-safeguarding policies to ensure they are compliant and ready for a prolonged period of remote work. In particular, in view of SEC guidance, firms should focus on several key areas including personal devices and personally identifiable information.