The SEC’s 2024 amendments to Regulation S‑P (Amendments) require covered firms to adopt and implement incident response programs, which must provide for notification of customers affected by breaches and oversight of service providers that hold customer information. In anticipation of the December 3, 2025, compliance date for large firms, the SEC is holding a series of outreach events to promote readiness for compliance. “The SEC has long prioritized safeguarding customer information and ensuring robust customer protection through strong compliance,” said Keith Cassidy, acting Director of the SEC Division of Examinations (Exams) and National Associate Director of its Technology Controls Program, at the first of such events. The Amendments are designed to ensure customers “have notice of [a] covered institution’s potential data breach and take steps to protect themselves if they choose,” he added. This article synthesizes the key takeaways from the September 25, 2025, event, which included staff from Exams and the Divisions of Investment Management and Trading and Markets. As is customary, the views expressed by the speakers were their personal views, not those of the SEC or any commissioner. See “Division of Investment Management Staff Discuss Staffing, Operations, Rulemaking and Other Developments” (Jul. 31, 2025); and “Gensler Discusses the SEC’s Cyber Priorities” (Mar. 3, 2022).