Has Your Firm Safeguarded Customer Information?

March 31, 2006

The Gramm-Leach-Bliley Act of 1999 and the subsequent Regulation S-P require that certain financial institutions, such as investment advisors, safeguard the privacy of non-public customer information. Under this regulation, financial institutions must provide clients with the opportunity to opt out of (or avert) the disclosure of their non-public information to non-affiliated parties other than as required or allowed by law. At this juncture, you are probably familiar with this requirement and already provide a copy of your privacy policy to all new clients upon establishing the client relationship and to existing clients on an annual basis.

While your firm may have prepared a written privacy policy, have you designed safeguards within your firm to protect client information? Since the introduction of Regulation S-P, the SEC has emphasized the significance of developing and implementing safeguards to secure client information.

Some of the suggestions that have been provided by regulators include keeping client files in locked rooms or locked cabinets. The files should only be accessible to those individuals within the firm who need the information to perform their jobs. Does your firm shred old documents and files, or are they simply thrown in the wastebasket? Measures should be taken to ensure that client information is regularly shredded prior to discarding. Other suggestions include making sure all computers are password protected and screen savers are set to display automatically after a period of inactivity.

Another important component of a privacy policy is conducting tests to ensure its viability. This could include retaining an information technology consultant to try to break through your network’s firewall, or testing employee passwords to determine if they can be easily guessed. Ultimately, the key to any good policy is testing the procedures that have been designed around the policy.

If you have any questions concerning the privacy obligations of an investment advisor, please give us a call.

Posted by Bryan Hill
Labels: Privacy