BreachExchange mailing list archives
Re: SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information
From: "Miller, Terry" <Terry.Miller () finra org>
Date: Wed, 12 Mar 2008 13:32:42 -0400
If you're really interested, here is a link to the webcast of the Chairman's comments. Click on "Regulation S-P: Privacy of Consumer Financial Information" under March 4. http://www.sec.gov/news/openmeetings.shtml -----Original Message----- From: Mark Simon [mailto:msimon2 () eclipsecurityllc com] Sent: Wednesday, March 12, 2008 12:31 PM To: Miller, Terry; Rob Shavell; dataloss () attrition org Subject: SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Terry- Thanks for calling to our attention proposed amendments to SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information. I have some additional information I'd like to add to your posting. The SEC is seeking comments on its proposed amendments at http://www.sec.gov/cgi-bin/ruling-comments?ruling=s70608&rule_path=/comm ents/s7-06-08&file_num=S7-06-08&action=Show_Form&title=Part%20248%20-%20 Regulation%20S-P:%20Privacy%20of%20Consumer%20Financial%20Information%20 and%20Safeguarding%20Personal%20Information The amendments are expected to affect more than 17,000 covered institutions. The proposal is at http://www.sec.gov/rules/proposed/2008/34-57427.pdf Prompting the proposal is the following finding by the SEC: "We have become concerned with the significant increase in the number of information security breaches that have come to light in recent years and the potential created by such breaches for misuse of personal financial information, including identity theft. We are concerned that some firms do not regularly reevaluate and update their safeguarding programs to deal with increasingly sophisticated methods of attack. To help prevent and address security breaches at covered institutions, we propose to require more specific standards for safeguarding personal information, including standards for responding to data security breaches." The SEC has yet to publish its proposed regulatory amendments in the Federal Register. Once publication occurs, there will be a 60-day comment period. The regulation amendments could take effect shortly thereafter. -- Mark S. Simon, Director of Regulatory Compliance Consulting Eclipsecurity, LLC Mobile: (224) 612-3101 Office: (847) 850-5088 Toll Free: (877) 369-5331 www.eclipsecurityLLC.com -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Miller, Terry Sent: Wednesday, March 12, 2008 9:16 AM To: Rob Shavell; dataloss () attrition org Subject: Re: [Dataloss] A data security breach legislation question Note that on March 4 the SEC proposed expanding privacy Regulation S-P which is based on GLBA. The proposed expansion, which is based in large part on existing banking and FTC regulations, would include a national notification requirement. The requirement may preempt certain state laws which allow for such preemption. Here is the proposal, which is now out for comment. http://www.sec.gov/rules/proposed/2008/34-57427.pdf Terry This email, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this email is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this email is prohibited. If you have received this email in error, please notify the sender by replying to this message and delete this email immediately. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Re: A data security breach legislation question, (continued)
- Message not available
- Re: A data security breach legislation question Al Mac Wheel (Mar 10)
- Re: A data security breach legislation question Anthony Franks (Mar 10)
- Re: A data security breach legislation question Mike Simon (Mar 10)
- Re: A data security breach legislation question Rebecca Herold (Mar 10)
- Re: A data security breach legislation question Privacy Laws (Mar 10)
- Re: A data security breach legislation question Rebecca Herold (Mar 10)
- Re: A data security breach legislation question Susan Orr (Mar 10)
- Re: A data security breach legislation question Rob Shavell (Mar 12)
- Re: A data security breach legislation question Miller, Terry (Mar 12)
- SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Mark Simon (Mar 12)
- Re: SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information Miller, Terry (Mar 12)
- Re: A data security breach legislation question Rebecca Herold (Mar 12)
- Re: A data security breach legislation question Craig Muller (Mar 12)
- Re: A data security breach legislation question Michael Hill, CITRMS (Mar 12)
- Re: A data security breach legislation question Beth Givens (Mar 12)
- Re: A data security breach legislation question Peyton, Janet P. (Mar 12)
- Re: A data security breach legislation question Chris Walsh (Mar 12)