NSCP

Session 1: BD/IA (LAB) - Reg S-P Amendments/Privacy Controls: Evolving Privacy Regulations (Intermediate)

Complying with Amended Regulation S-P requires covered financial institutions to develop protections for safeguarding customers’ personally identifiable information (PII) and to create an incident response program to respond to data breaches in conformance with applicable laws. This requires firms to understand the fundamental regulatory requirements for developing written privacy policies and procedures that map PII to privacy controls and safeguards designed to prevent data breaches, creating an incident response program to address data breaches and notify customers, and maintaining books and records in accordance with regulatory requirements, including the disposal rule.

The following learning objectives will be met using case studies, examples, group discussions, and other application activities:

  • Discuss potential updates to the financial institution’s policies and procedures in response to Reg S-P amendments, including incident response.

  • Engage in a case study regarding the 30-day privacy breach notification.

  • Review the “new” data disposal rule and discuss methods to apply.

  • Discuss considerations for reviewing vendor contracts, assessing outsourcing options, conducting vendor due diligence, and tips for planning an incident response.