Body of Knowledge

The Privacy and Confidentiality Curriculum will provide a general overview of regulatory requirements regarding privacy and confidentiality.


The readings and course materials are designed to familiarize candidates with the requirements of Regulation S-P (Privacy) and its applicability to the following types of firms registered with the Securities and Exchange Commission:  investment advisers, investment companies and broker-dealers.  The readings also cover SEC staff and National Association of Securities Dealers pronouncements on privacy and safeguarding of customer information, Federal Trade Commission rules requiring unregistered investment companies to have information security programs and state law requirements regarding notification of security breaches.  In addition, the readings provide an overview of the concept of confidentiality as it applies to investment advisers and other fiduciaries.

 

Readings

1. “Final Rule:  Privacy of Consumer Financial Information (Regulation S-P),” SEC Release Nos. 34-42974, IC-24543, IA-1883 (June 22, 2000)
2. “Final Rule:  Disposal of Consumer Report Information,” SEC Release Nos. 34-50781, IA-2332, IC-26685 (December 8, 2004)
3. “Staff Responses to Questions about Regulation S-P,” (January 23, 2003)
4. NASD Notice to Members 05-49, Safeguarding Confidential Customer Information (July 2005)
5. “States Move Rapidly to Enact Laws Requiring Notification of Security Breaches,” K&LNG Alert (July 2005)
6. “The Regulation of Money Managers:  Mutual Funds and Advisers (Second Edition)” Tamar Frankel and Ann Taylor Schwing, Aspen Publishers (2006 Supplement), Vol. 2, § 13.04

 

Learning Objective

The candidate should be able to demonstrate a thorough knowledge of Regulation S-P (Privacy) and be able to (i) assist management in developing, documenting and implementing a privacy policy, (ii) advise management on appropriate technology, policies and procedures to ensure data security, (iii) monitor secure treatment of client records and information and (iv) monitor a firm’s maintenance of client records to ensure they are secure from unauthorized alteration or use.  The candidate should also be able to demonstrate a general understanding of the concept of confidentiality.

 

Learning Outcomes

Regulation S-P (Privacy)
“Final Rule:  Privacy of Consumer Financial Information (Regulation S-P)”
SEC Release Nos. 34-42974, IC-24543, IA-1883 (June 22, 2000)

After reading this SEC release, candidates should be able to:

  • define the terms “consumer,” “customer,” “customer relationship,” “non-public personal information,” “personally identifiable information” and “publicly available information” as used in this release.  (Knowledge and Comprehension)
  • discuss the requirements for policies and procedures that must be established to safeguard customer records and information.  (Knowledge and Comprehension)
  • describe the limitations on disclosure of non-public information to non-affiliated third parties.  (Synthesis and Evaluation)
  • discuss the information that must be included in a privacy notice.  (Knowledge and Comprehension)
  • discuss limits on sharing client account information for marketing purposes.  (Knowledge and Comprehension)
  • explain when and how privacy notices must be provided to clients. (Knowledge and Comprehension)
  • explain the limits on re-disclosure and reuse of information.  (Knowledge and Comprehension)
  • summarize the notice and opt-out requirements and their exceptions.  (Synthesis and Evaluation)

“Final Rule:  Disposal of Consumer Report Information,” SEC Release Nos. 34-50781, IA-2332, IC-26685 (December 8, 2004)

After reading this SEC release, candidates should be able to:

  • define what types of information constitute “consumer report information.”  (Knowledge and Comprehension)
  • explain the process for proper disposal of client information.  (Knowledge and Comprehension)

“Staff Responses to Questions about Regulation S-P” (January 23, 2003)

After reading this SEC release, candidates should be able to:

  • describe the SEC staff’s interpretation of the scope of Regulation S-P.  (Knowledge and Comprehension)
  • discuss how to determine which financial institution has a client relationship when there are multiple financial institutions involved in a client relationship (e.g., wrap accounts and mutual funds).  (Knowledge and Comprehension)
  • describe the SEC staff’s view of the privacy notice delivery requirements.  (Synthesis and Evaluation)

NASD Notice to Members on Privacy

NASD Notice to Members 05-49, Safeguarding Confidential Customer Information (July 2005)

This NTM provides concrete examples of how a firm’s policies and procedures need to be constantly revised as technology advances.

After reading NTM 05-49, candidates should be able to:

  • discuss data security issues posed by new technologies such as “Wi-Fi” connectivity and remote access.  (Knowledge and Comprehension)
  • summarize the four minimum considerations in tailoring a broker-dealer’s policies and procedures addressing the protection of customer information and records.  (Knowledge and Comprehension)

State Regulations Regarding Notification of Security Breaches

States can enact their own privacy-related regulations, which may or may not be more stringent than the federal regulations.  Where they are more stringent, firms will be held to these higher standards in those jurisdictions.  Therefore, compliance programs need to account for additional privacy-related rules and regulations in every jurisdiction where the firm does business.

“States Move Rapidly to Enact Laws Requiring Notification of Security Breaches,” K&L Gates Alert (July 2005)

After reading this publication, candidates should be able to:

  • summarize the requirements of California’s notification law.  (Knowledge and Comprehension)
  • discuss the general trend in state and federal regulation regarding notification of security breaches.  (Application and Analysis)

Confidentiality

“The Regulation of Money Managers:  Mutual Funds and Advisers (Second Edition),” Tamar Frankel and Ann Taylor Schwing, Aspen Publishers (2006 Supplement)

After reading § 13.04 of this treatise, candidates should be able to:

  • discuss the concept of confidentiality as it applies to an adviser or fiduciary.  (Application and Analysis)
  • explain the potential adverse consequences of willful disclosure of client information for the benefit of the adviser or a third party under Section 206 of the Advisers Act.  (Knowledge and Comprehension)