The SEC recently proposed changes to its Privacy rule, Regulation S-P. The proposed amendments would require broker-dealers to develop, implement and maintain a comprehensive "information security program," including written policies and procedures that provide administrative, technical, and physical safeguards for protecting personal information, and for responding to unauthorized access to or use of personal information. Institutions subject to the proposed rule would be required, for the first time, to:

- Identify in writing reasonably foreseeable security risks that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of personal information or personal information systems;
- Regularly test or otherwise monitor and document in writing the effectiveness of the safeguards’ key controls, systems, and procedures, including the effectiveness of access controls on personal information systems, controls to detect, prevent and respond to attacks, or intrusions by unauthorized persons, and employee training and supervision;
- Train staff to implement the information security program;
- Oversee service providers by taking reasonable steps to select and retain service providers capable of maintaining appropriate safeguards for the personal information at issue, and require service providers by contract to implement and maintain appropriate safeguards (and document such oversight in writing); and
- Evaluate and adjust their information security programs to reflect the results of the testing and monitoring, relevant technology changes, material changes to operations or business arrangements, and any other circumstances that the institution knows or reasonably believes may have a material impact on the program.

Sutro’s team of experienced compliance and audit professionals are experts in conducting privacy risk assessments, including:

- Identifying gaps and vulnerabilities;
- Calculating and ranking risks;
- Analyzing the effectiveness of existing controls;
- Documenting testing procedures; and
- Identifying effective ways to improve procedures and supervision.

By working with The Sutro Group, our clients can:

- Partner with a trusted name in regulatory compliance with decades of experience dealing and negotiating with regulators;
- Maximize existing compliance resources while minimizing disruptions to a firm’s ongoing business operations; and
- Achieve proactive compliance with an SEC priority that will most likely become law at the conclusion of the comment period.

Copyright © 2007. TheSutroGroup.com