Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information
This new proposal from the SEC would revise Reg S-P to require IAs, ICs and B-Ds to "adopt written policies and procedures for incident response programs to address unauthorized access to or use of customer information, including procedures for providing timely notification to individuals affected by an incident involving sensitive customer information with details about the incident and information designed to help affected individuals respond appropriately"