Regulation S-P Receives a Boost
The SEC’s recent amendments to Regulation S-P highlight the ongoing focus on data privacy and security. These changes directly impact how RIAs manage and protect client information. Here’s a breakdown of the key updates and what they mean for compliance efforts.
Background on Regulation S-P
Since 2000, Regulation S-P has required Registered Investment Advisers, Broker-Dealers, and Investment Companies to implement policies and procedures that protect client information. It also mandates providing clients with a Privacy Notice detailing data practices and an option to opt out of certain data-sharing activities.
In May 2024, the SEC adopted amendments to modernize Regulation S-P, reflecting the evolving landscape of cybersecurity threats and consumer privacy expectations. Here’s what’s new.

Key Updates to Regulation S-P
Third-Party Service Providers:
The amendments also impose greater responsibility on firms to ensure that third-party service providers with access to client information comply with the same privacy and security standards. This necessitates thorough due diligence and ongoing monitoring of vendor relationships.
Incident Response Program:
Financial institutions are now required to establish and maintain a written Incident Response Program. This program must be designed to detect, respond to, and recover from unauthorized access to client information. Notably, the rule now mandates notifying affected clients within 30 days of discovering unauthorized access. This requires having a robust network monitoring system and documented procedures in place.
Data Disposal Requirements:
The updated rule specifies that policies and procedures must include secure disposal methods for both digital and physical client information. This includes shredding paper documents and permanently deleting digital records to prevent unauthorized access. Reviewing and updating data disposal practices is essential for maintaining compliance.
Enhanced Privacy Notices:
Privacy Notices must now be more detailed, explaining how client information is collected, used, and shared. These notices are to be delivered annually, ensuring ongoing transparency. It’s crucial to review current Privacy Notices and update them as needed to meet the new requirements.
Why It Matters
These updates reflect the increasing importance of data security and client privacy. Strengthening privacy policies and procedures not only maintains compliance but also protects client trust and the firm’s reputation.
To effectively implement these changes, consider the following:
- Review and update incident response and data disposal procedures.
- Ensure Privacy Notices are clear, comprehensive, and compliant.
- Conduct thorough due diligence on third-party vendors.
- Communicate the changes effectively to clients.
Next Steps
Over the coming months, firms should evaluate and update their compliance policies to align with these new requirements. This includes revising incident response plans, enhancing data disposal practices, updating Privacy Notices, and auditing third-party vendor relationships.
Questions or challenges are likely to arise during this transition. Staying proactive and informed will be key to maintaining compliance and client confidence.
Final Thoughts
The recent updates to Regulation S-P emphasize the importance of cybersecurity and data privacy. By staying ahead of these regulatory changes, firms can enhance their approach to client data protection while safeguarding their reputation and trustworthiness.
Looking for more ways to keep your team up to date? Follow us on LinkedIn to stay in touch!
Sources: Stark & Stark Compliance Alert 05/30/2024
Categories
Recent Insights
-
One Big Beautiful Bill: Key Financial Impacts for LGBTQIA+ Households
On July 4, 2025, President Donald Trump signed the “One Big Beautiful Bill Act” into law—a wide-reaching piece of legislation that touches everything from tax rates and healthcare to education, housing, and family benefits. For LGBTQIA+ individuals and families, some of these changes may create new planning opportunities, while others may require a closer look…
-
What’s a Trump Account? A New Way to Build Financial Discipline—From Day One
The Trump Account isn’t a flashy new savings tool. In fact, that’s its strength. It’s structured, restrictive, and deliberately focused—and in a world of financial products that promise flexibility and quick access, that kind of design is rare. But for families who value discipline, long-term thinking, and intentional planning, it might be exactly what you’ve…
-
How Microsoft Teams Can Transform Your RIA Firm’s Efficiency and Compliance
In the competitive world of registered investment advisory (RIA) firms, effective communication and collaboration are key to delivering exceptional client service and maintaining regulatory compliance. Before the pandemic, in-person collaboration was the norm at our firm, but with the transition to a fully remote office, we needed a secure internal communication platform. Today, as many…
-
One Big Beautiful Bill: How Trump’s Tax Overhaul Impacts American Families and Businesses
On July 4th, 2025, President Donald Trump signed into law the “One Big Beautiful Bill Act,” a sweeping piece of legislation that reshapes the American tax landscape and introduces a range of economic, social, and regulatory reforms. Below is an examination of the bill’s key provisions. Key Provisions of the “Big Beautiful Bill” 1. Permanent Extension and Expansion…
-
Talk Your Chart | From Saunas to Stock Surges: Market Recoveries, Margin Resilience & Rate Watch | Episode 69
In Episode 69 of Talk Your Chart, Brett and Marcos unpack the surprising speed of the recent market recovery, debate the timing vs. time-in-market mindset, explore political biases in investing, and analyze how corporate margins and U.S. debt are shaping investor decisions in 2025. Charts available for download here.