Gary Gensler is Chair of the U.S. Securities and Exchange Commission. This post is based on his recent statement. The views expressed in this post are those of Chair Gensler, and do not necessarily reflect those of the Securities and Exchange Commission or its staff.
Today, the Commission is considering amendments to Regulation S-P that will require covered firms to notify their customers of data breaches. I support these amendments because, through making critical updates to a rule first adopted in 2000, these amendments will help protect the privacy of customers’ financial data.
In 1999, Congress passed a provision to help ensure that financial firms protect customers’ nonpublic personal information. As a member of the U.S. Department of Treasury team at the time, I was proud to work with then-Congressman Ed Markey on this important legislation. The provision mandated that federal financial regulators adopt rules to advance consumers’ privacy. The SEC did so in 2000, through Regulation S-P, which requires covered firms to notify customers about how they use their nonpublic personal information.