1. Compliance and Regulations

  • Ensure adherence to SEC regulations with appropriate privacy and cybersecurity policies tailored to SEC requirements.
  • Stay current on SEC-proposed cybersecurity and data privacy rules and risk alerts to help ensure policy alignment with the SEC’s expectations for registered funds and advisers.
  • Incorporate state-specific regulations related to data protection and cybersecurity (e.g., California Consumer Privacy Act and Texas Data Privacy and Security Act) into company privacy and cybersecurity policies.
  • Policies and procedures should encompass risk assessment, incident response, and data breach notification procedures. This includes planning for legal obligations to provide notice of reportable breaches to regulators and investors.
  • Implement compliance with the General Data Protection Regulations (GDPRs) if dealing with investors who are European residents.