Going back to yesterday’s subject of privacy forms, I thought it would be good to focus on some of the basics of Reg S-P from the perspective of an investment adviser. When developing privacy policies, all investment advisers should understand the following:
- Advisers are prohibited from disclosing non-public personal information about investors and advisory clients and prospective investors/advisory clients to non-affiliated third parties, unless:
- the adviser provides investors/advisory clients with: (i) notice of its privacy policies including clear notice that non-public personal information may be disclosed to non-affiliated third parties and (ii) a meaningful opportunity to “opt-out” of that disclosure; and
- the investor/advisory client has not opted out.
- The Gramm-Leach-Bliley Act restricts non-affiliated third parties from reusing or re-disclosing non-public personal information that they have received. On this note, it is particularly important that advisers inform service providers of their own privacy policies to ensure that there are no breaches on the service provider end.
- On an annual basis, advisers should send out a privacy policy notice to all investors/advisory clients
- Finally, advisers should ensure that they have developed robust internal privacy policies and controls to ensure the security and privacy of non-public personal information. In fact, registered investment advisers are required under Reg S-P to adopt written information security procedures aimed at safeguarding consumer report information. These policies should include procedures for the proper destruction of non-public personal information.
As previously discussed on this site, the SEC has taken action against firms for failing to have proper privacy controls in place and for related breaches. Additionally, you should note that certain states are taking it upon themselves to enact additional privacy and security laws.
If you would like more information on Reg S-P, you can attend HegeOp Compliance’s free webinar on December 21st. This webinar is part of HedgeOp’s “Excellence in Compliance” seminar series.
