Comment Letter

The Investment Company Institute supports the U.S. Securities and Exchange Commission’s proposal to supplement the requirements of Section 248.30 of Regulation S-P, which govern safeguarding of customer information, to require “covered institutions” to have more detailed and rigorous programs providing for the protection of customer information and to provide breach notices in the event of unauthorized access of sensitive customer information. We commend the Commission for both pursuing these amendments and for patterning these new requirements with those of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (the “Interagency Guidelines”) adopted by the federal banking regulators. The Interagency Guidelines implemented the provisions from Section 501(b) of the Gramm-Leach-Bliley Act (the “GLB Act”) that require financial institutions to implement information security standards. Our current support for the Commission’s amendments to Regulation S-P is consistent with our support for similar amendments proposed in 2008 by the Commission. As we noted in our 2008 letter, aligning the SEC’s requirements with the Interagency Guidelines “will facilitate compliance by our members that are also subject to such regulators’ jurisdiction.” Further, such an approach promotes a more coherent framework and will better serve the goals of the government and its agencies.

Read more in the comment letter.