Regulation S-P Receives a Boost
The SEC’s recent amendments to Regulation S-P highlight the ongoing focus on data privacy and security. These changes directly impact how RIAs manage and protect client information. Here’s a breakdown of the key updates and what they mean for compliance efforts.
Background on Regulation S-P
Since 2000, Regulation S-P has required Registered Investment Advisers, Broker-Dealers, and Investment Companies to implement policies and procedures that protect client information. It also mandates providing clients with a Privacy Notice detailing data practices and an option to opt out of certain data-sharing activities.
In May 2024, the SEC adopted amendments to modernize Regulation S-P, reflecting the evolving landscape of cybersecurity threats and consumer privacy expectations. Here’s what’s new.

Key Updates to Regulation S-P
Third-Party Service Providers:
The amendments also impose greater responsibility on firms to ensure that third-party service providers with access to client information comply with the same privacy and security standards. This necessitates thorough due diligence and ongoing monitoring of vendor relationships.
Incident Response Program:
Financial institutions are now required to establish and maintain a written Incident Response Program. This program must be designed to detect, respond to, and recover from unauthorized access to client information. Notably, the rule now mandates notifying affected clients within 30 days of discovering unauthorized access. This requires having a robust network monitoring system and documented procedures in place.
Data Disposal Requirements:
The updated rule specifies that policies and procedures must include secure disposal methods for both digital and physical client information. This includes shredding paper documents and permanently deleting digital records to prevent unauthorized access. Reviewing and updating data disposal practices is essential for maintaining compliance.
Enhanced Privacy Notices:
Privacy Notices must now be more detailed, explaining how client information is collected, used, and shared. These notices are to be delivered annually, ensuring ongoing transparency. It’s crucial to review current Privacy Notices and update them as needed to meet the new requirements.
Why It Matters
These updates reflect the increasing importance of data security and client privacy. Strengthening privacy policies and procedures not only maintains compliance but also protects client trust and the firm’s reputation.
To effectively implement these changes, consider the following:
- Review and update incident response and data disposal procedures.
- Ensure Privacy Notices are clear, comprehensive, and compliant.
- Conduct thorough due diligence on third-party vendors.
- Communicate the changes effectively to clients.
Next Steps
Over the coming months, firms should evaluate and update their compliance policies to align with these new requirements. This includes revising incident response plans, enhancing data disposal practices, updating Privacy Notices, and auditing third-party vendor relationships.
Questions or challenges are likely to arise during this transition. Staying proactive and informed will be key to maintaining compliance and client confidence.
Final Thoughts
The recent updates to Regulation S-P emphasize the importance of cybersecurity and data privacy. By staying ahead of these regulatory changes, firms can enhance their approach to client data protection while safeguarding their reputation and trustworthiness.
Looking for more ways to keep your team up to date? Follow us on LinkedIn to stay in touch!
Sources: Stark & Stark Compliance Alert 05/30/2024
Categories
Recent Insights
-
Secure Your Legacy: Why Naming a Beneficiary for Your 401(k) Matters
When you participate in a 401(k) plan, you’re taking a significant step toward securing your financial future. But there’s an equally important, often overlooked, aspect of managing your plan: naming a beneficiary. This simple action ensures your loved ones are protected and minimizes complications if the unexpected happens. Here’s why it matters for both you…
-
A Memo from our Chief Investment Officer | March 2025
Market headlines can be overwhelming, especially in times of uncertainty. At Evensky & Katz / Foldes, we understand that economic shifts, policy changes, and market fluctuations can trigger real concerns about your financial future. In the letter below, our Chief Investment Officer, Lane Jones, shares insights on the current market environment, the impact of recent…
-
Ways to Talk Yourself off the Ledge When the Entire Market Seems Like it’s Falling to Pieces
Nobody likes to see their investments decline, especially during retirement when going back to work may not be an option. The first step is not to panic. Staying calm and rational can help you make better decisions. Market volatility is normal, and remember, markets can shift quickly in the other direction. In fact, 70% of…
-
Our Prediction Addiction
If you’ve ever felt the thrill of calling the market right—or the sting of getting it wrong—you’re not alone. As humans, we have an innate desire to predict, to control, and to feel like we’re ahead of the game. But here’s the hard truth: predicting the market is, more often than not, a fool’s errand.…
-
Roth vs. Pre-Tax 401(k): Which Contribution Strategy is Right for You?
When it comes to saving for retirement, one of the most important decisions you’ll make is whether to contribute to a pre-tax or Roth 401(k). Your choice could have a significant impact on your future tax situation, and understanding the difference is key to making the best decision for your financial future. In this post,…