[Dataloss] SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information

Miller, Terry Terry.Miller at finra.org
Wed Mar 12 17:32:42 UTC 2008


If you're really interested, here is a link to the webcast of the
Chairman's comments.  Click on "Regulation S-P: Privacy of Consumer
Financial Information" under March 4.

http://www.sec.gov/news/openmeetings.shtml

-----Original Message-----
From: Mark Simon [mailto:msimon2 at eclipsecurityllc.com] 
Sent: Wednesday, March 12, 2008 12:31 PM
To: Miller, Terry; Rob Shavell; dataloss at attrition.org
Subject: SEC Regulation S-P: Privacy of Consumer Financial Information
and Safeguarding Personal Information

Terry-

Thanks for calling to our attention proposed amendments to SEC
Regulation S-P: Privacy of Consumer Financial Information and
Safeguarding Personal Information.  I have some additional information
I'd like to add to your posting.

The SEC is seeking comments on its proposed amendments at
http://www.sec.gov/cgi-bin/ruling-comments?ruling=s70608&rule_path=/comments/s7-06-08&file_num=S7-06-08&action=Show_Form&title=Part%20248%20-%20Regulation%20S-P:%20Privacy%20of%20Consumer%20Financial%20Information%20and%20Safeguarding%20Personal%20Information

The amendments are expected to affect more than 17,000 covered
institutions.  The proposal is at
http://www.sec.gov/rules/proposed/2008/34-57427.pdf  Prompting the
proposal is the following finding by the SEC:

"We have become concerned with the significant increase in the number of
information security breaches that have come to light in recent years
and the potential created by such breaches for misuse of personal
financial information, including identity theft. We are concerned that
some firms do not regularly reevaluate and update their safeguarding
programs to deal with increasingly sophisticated methods of attack. To
help prevent and address security breaches at covered institutions, we
propose to require more specific standards for safeguarding personal
information, including standards for responding to data security
breaches." 

The SEC has yet to publish its proposed regulatory amendments in the
Federal Register.  Once publication occurs, there will be a 60-day
comment period.  The regulation amendments could take effect shortly
thereafter.

--
Mark S. Simon, Director of Regulatory Compliance Consulting 
Eclipsecurity, LLC
Mobile: (224) 612-3101
Office: (847) 850-5088
Toll Free: (877) 369-5331

www.eclipsecurityLLC.com


-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of Miller, Terry
Sent: Wednesday, March 12, 2008 9:16 AM
To: Rob Shavell; dataloss at attrition.org
Subject: Re: [Dataloss] A data security breach legislation question

Note that on March 4 the SEC proposed expanding privacy Regulation S-P
which is based on GLBA.  The proposed expansion, which is based in large
part on existing banking and FTC regulations, would include a national
notification requirement.  The requirement may preempt certain state
laws which allow for such preemption.    

Here is the proposal, which is now out for comment.

http://www.sec.gov/rules/proposed/2008/34-57427.pdf

Terry

