The U.S. Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P which require investment adviser firms registered with the SEC to adopt written policies and procedures for incident response programs to address unauthorized access to or use of customer information including procedures for providing timely notification to customers affected by an incident involving sensitive customer information.