• Private Equity

    Private equity and venture capital managers

  • Credit

    Private debt, CLOs, and public credit

  • Fund Administrators

    Fund administrators serving private capital

Back Office

Investor Relations

Investment Management

Enterprise Data Solutions

Front Office

Investor Relations

Back Office

Technology Partner

Enterprise Data Solutions

Back Office

Enterprise Data Solutions

Investor Relations

Data Collection

Purpose-built for your investment strategy and fund lifecycle

Firm Type

Investment Strategy

Emerging Managers

Diversified Managers

Allvue monthly newsletter

Sign up to receive regular updates on Allvue's content, award wins, product releases, and more.

SIGN UP HERE

Type

Topic

Allvue monthly newsletter

Sign up to receive regular updates on Allvue's content, award wins, product releases, and more.

SIGN UP HERE

Allvue

NEW

Allvue AI

Data Management

Breaking Down the Recent SEC Regulation S-P Amendments: What You Need to Know

By: Deborah Mason Lefkowitz

Chief Legal Officer
December 12, 2025

What is SEC Regulation S-P? 

On May 16, 2024, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) issued amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (“Regulation S-P”). These amendments became effective on August 2, 2024, and compliance deadlines are December 3, 2025, for larger entities, and June 3, 2026, for smaller entities.

Regulation S-P governs the treatment of nonpublic personal information of consumers by financial institutions, and the amended Regulation S-P requires covered institutions to undertake more proactive measures to safeguard customer information in their systems, and the systems of their service providers, such as Allvue.

Below is a summary of the implications of these amendments on covered institutions and how Allvue is supporting its customers in meeting these requirements.

What are the critical action items around Service Providers when it comes to Regulation S-P?

Two critical requirements have emerged from the amendments: 

  1. Mandatory Response Programs: Covered institutionsare now required to establish and implement comprehensive security programs to protect against unauthorized access to customer information; and 
  2. Oversight of its Service Providers: The security programs of covered institutions must include procedures to monitor the security measures of its service providers that handle customer information. Specifically, service providers must: 
    1. Protect against unauthorized access to or use of customer information; and 
    2. Provide notification to the covered institution within 72 hours after becoming aware of unauthorized access to a customer information system that it maintains. 

How is Allvue helping our customers comply with the amended Regulation S-P? 

Allvue has developed a dedicated Regulation S-P Service Provider Addendum to support our customers in meeting their obligations under Regulation S-P. This addendum enables covered institutions to ensure the safeguards that Allvue maintains to protect customer information, helping institutions fulfill their oversight responsibilities for third-party service providers. 

If you are an existing customer and need to comply with Regulation S-P, please reach out to your customer representative.  Allvue is ready to provide you with the contractual safeguards and reassurance you need to ensure the security and confidentiality of your data in line with Regulation S-P requirements.  Rest assured, we are here to help. 

Where can I find additional information about Allvue’s data privacy and compliance information? 

As part of our commitment to transparency, compliance and security, we recently launched the Allvue Trust Center. This dedicated hub provides comprehensive information on the following:

  • Transparent insight into Allvue’s security frameworks and compliance certifications;
  • Self-serve access to key documents, including SOC reports, white papers, and privacy documentation; and
  • Real-time updates on our latest security and data privacy initiatives, including subprocessor changes. 

The Allvue Trust Center has been designed to empower you with the information and tools you need to ensure the protection of your data, handle due diligence reviews, and ensure confidence in partnering with us. 

What are the key takeaways from Regulation S-P? 

The amendments to Regulation S-P have introduced heighted requirements to covered institutions to protect their customers’ information. Allvue remains committed to supporting our customers through tailored solutions and adherence to regulatory standards. For more information, visit the Alluve Trust Center or contact us  directly to learn how we can assist in ensuring compliance with Regulation S-P. 

More About The Author

Deborah Mason Lefkowitz

Chief Legal Officer

Deb is a seasoned in-house attorney with expertise in complex commercial transactions as well as data and technology transactions. Prior to joining Allvue, Deb held the role of General Counsel North America for NielsenIQ following its separation from The Nielsen Company into a stand-alone organization. In this role, she provided counsel on a wide range of commercial and strategic matters including mergers and acquisitions, commercial transactions, product development, litigation, integrity and corporate compliance, privacy, and data security. Deb spent the early part of her career at GfK, Germany’s largest market research company, and before that she was in the mergers & acquisitions space as an associate with Ropes & Gray LLP. Deb earned her JD from Case Western Reserve University School of Law and BA from The Ohio State University.

Most Popular

Skip to content