Does Your Investment Adviser Have a Written Privacy Policy?

September 12, 2012

Under Rule 30 of Regulation S-P, registered investment advisers are required to implement a written security program to safeguard customer information.  Specifically, investment advisers are required to have in place an information security program that is reasonably designed to:

“(a) Insure the security and confidentiality of customer records and information;

(b) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(c) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.”

With advances in technology, most employees have access to confidential client data through their laptops, tablet computers and cellular phones.  Due to their portability, these devices present an easy target for those seeking unauthorized access to your clients’ data.  Accordingly, all of your employees’ portable devices should be password protected with strong passwords that contain alphanumeric/special character combinations if they are ever used for business purposes.  Additionally, these devices should be set to auto-lock after several unsuccessful log-in attempts and all data stored on these devices should be encrypted.

If you would like more information on how to protect client data that is accessible through portable electronic devices as well as other information security tips, on September 13, 2012, RIA Compliance Consultants will be presenting a webinar, Establishing Information Security Programs for Registered Investment Advisers.  During this webinar our consultants will discuss the regulatory requirements for establishing information security programs and will offer best practices and tips.  Click here to register for this webinar.

Posted by Bryan Hill
Labels: Information Security, Privacy Policy, Webinar