Re: File No. S7-05-23 Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information
Dear Secretary Countryman,
The Securities Industry and Financial Markets Association ("SIFMA"), SIFMA Asset Management Group ("SIFMA AMG"), Bank Policy Institute ("BPI"), Institute of International Bankers ("IIB"), and American Bankers Association ("ABA"), (collectively, the "associations") appreciate the opportunity to respond to the proposed amendments to Regulation S-P issued by the Securities and Exchange Commission (the "Commission" or "SEC") on March 15, 2023 (the "Regulation S-P Proposal" or the "Proposal"). The associations welcome amendments to Regulation S-P to provide further clarity and guidance to its existing rules. Moreover, we appreciate the importance of strong cybersecurity practices for companies and our country, including appropriate notification of cybersecurity incidents to individuals.
The associations recommend that the Commission reconsider, based on the recommendations in this letter, certain aspects of its Regulation S-P Proposal, which at times is too prescriptive and does not provide enough flexibility to covered institutions in responding to the unique circumstances that can arise during an incident. Additionally, the Regulation S-P Proposal could be improved by taking into account the Commission’s other proposals related to cybersecurity, a covered institution’s need to comply with existing data breach notification laws, and the benefit of coordinating with law enforcement, cybersecurity, intelligence, and national security agencies during a security incident.
Download the joint comment letter to read the full text.