Skip to main content

What We Do

May 16, 2024


WASHINGTON, D.C.—Today, the U.S. Securities and Exchange Commission (SEC) adopted rule amendments to ensure that financial institutions better protect the sensitive personal information of their customers and alert those customers when a data breach occurs.  Director of Securities Policy Benjamin Schiffrin released the following statement:

“Protecting the sensitive personal information of consumers and investors is essential to ensuring confidence in the integrity and safety of our financial markets. Main Street Americans today face unprecedented threats from data breaches that expose them to identity theft. By requiring that broker-dealers, investment companies, and registered investment advisers have policies and procedures for detecting and responding to data breach incidents and for notifying customers of those breaches, the rule amendments that the SEC adopted today provide better protections for sensitive customer information and empower affected individuals to proactively limit the negative effects of a breach.

“The SEC’s rule amendments will therefore help prevent, and mitigate the harm from data breaches. They will do so by requiring financial firms to have an incident response program.  This program must include procedures to assess the nature and scope of any incident and to take the appropriate steps to contain and control the incident to prevent further harm.  Perhaps most importantly, financial firms must notify individuals whose sensitive personal information was accessed or used without authorization. This notification must occur within 30 days. The requirement that customers receive timely notifications in the event of the unauthorized access to or use of their sensitive personal information will enable these individuals to act expeditiously to protect themselves from identity theft or other harm.

“As we said in our comment letter, prior to today’s rule amendments, no SEC rules required broker-dealers, investment companies, or registered investment advisers to have a program for responding to data breaches.  This regulatory gap posed unnecessary risks to America’s investors.  The SEC’s action today fills that gap and reduces the risk of harm to customers from the unauthorized access to or use of their sensitive personal information.”

See our comment letter for more information.


Donate Today!

Contact Us

For media inquiries, please contact or 202-618-6433.

To sign up for our email newsletter, please visit this page.

This field is for validation purposes and should be left unchanged.

Sign Up — Stay Informed With Our Monthly Newsletter

"* (Required)" indicates required fields

This field is for validation purposes and should be left unchanged.

For media inquiries,

please contact or 202-618-6433.


Help us fight for the public interest in our financial markets, protecting Main Street from Wall Street and avoiding another costly financial collapse and economic crisis, by making a donation today.

Donate Today