SIFMA provides comments to the Securities and Exchange Commission (SEC) on proposed amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information, File No. S7-06-08.  SIFMA’s recommendations include: 1) harmonizing the revisions to Regulation S-P with the Federal Banking Agencies’ Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice; 2) requiring a firm to implement an information security program that is appropriate to its size and business; 3) not expanding the rule to cover employees, investors and security holders which are all beyond the scope of Gramm-Leach-Bliley Act (GLBA); 4) only requiring firms to notify the government of a breach if more than 1,000 customers are affected, and the method of notification should be flexible; 5) clarifying the proposed exception permitting departing registered representatives to take their customer contact information to their new firm; and 6) providing the firms with an 18 month implementation period.