As the SEC continues its focus on federal financial privacy and cybersecurity regulations, the agency recently adopted final amendments to Regulation S‑P (Final Amendments). Regulation S‑P is a set of privacy and security rules that govern the handling of “nonpublic personal information” about consumers by broker-dealers, investment companies, registered investment advisers, funding portals and transfer agents. The Final Amendments represent the greatest existing sea change in the SEC’s regulation of cybersecurity by, among other significant updates, prescribing a novel incident response and notification regime that requires covered institutions to thoroughly reconfigure their current policies and procedures. In a guest article, Frankfurt Kurnit attorneys Richard Borden and Andrew Folks examine the Final Amendments’ key requirements and offer practical compliance steps. See our two-part series “Cybersecurity Practices for PE Sponsors and Their Portfolio Companies”: Incident Prevention and Response (Feb. 22, 2024); and Due Diligence and Post‑Acquisition Efforts (Mar. 7, 2024).