States Passing Privacy Laws that Conflict with FINRA and SEC Social Media Compliance Regulations

July 17, 2012

Reading time : 3 minutes

Keeping up on the new rules and regulations regarding social media use can be a difficult task for investment advisers and broker-dealers.  Recently, the U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) have each issued alerts and notices to investment advisers and broker-dealers offering guidance on social media use.  The SEC issued an alert in January of this year and FINRA has issued Regulatory Notice 10-06 and Regulatory Notice 11-39; these alerts and notices generally require investment advisers and broker/dealers to monitor and archive any business communications their employees have with clients.  Now, many states and even the federal government have bills under consideration that would limit employers’ access to its employees’ social media accounts.  If these laws are passed they could make it even more difficult for investment advisers and broker-dealers to keep adequate records and ensure compliance with the social media rules and regulations.

Maryland was the first state to pass such legislation, protecting both existing and potential employees from being compelled or coerced to disclose user names and passwords for social media accounts such as LinkedIn, Facebook, and Twitter. The social media privacy law passed in Maryland states that “an employer may not request or require that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through an electronic communications device.”

Additionally, the Illinois legislature has passed similar legislation that is awaiting the governor’s signature. The proposed Illinois bill is similar to Maryland’s law, but in addition to the password and user name restrictions, the bill includes a broader provision that prohibits an employer from requesting “access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.”

Legislators of several other states have introduced social media privacy bills. 

On the federal level, members of both houses of Congress have introduced the Password Protection Act of 2012 (Password Protection Act). One of the co-sponsors of the Password Protection Act, Senator Richard Blumenthal (D – CT) said he supports the bill because, “With few exceptions, employers do not have the need or the right to demand access to applicants’ private, password-protected information. This legislation, which I am proud to introduce, ensures that employees and job seekers are free from these invasive and intrusive practices.”

It appears that the primary purpose of the legislation proposed by the states is to protect the privacy rights of the employees, but it makes complying with SEC and FINRA guidance difficult for investment advisers and broker/dealers. The proposed laws limit an employer’s access to personal social media accounts; however, this creates a serious hurdle in complying with the SEC and FINRA regulatory requirements to supervise the use of social media if the investment adviser representative or broker uses their personal account for business purposes because their firms would be unable to monitor and archive the communication.

The SEC recommends that firms using social media should adopt, and review their policies and procedures periodically. “Firms should create usage guidelines on appropriate and inappropriate use of social media and should consider adopting policies and procedures to address conducting firm business on personal social media sites.” Additionally, investment advisers and broker/dealers have recordkeeping requirements that require certain communications made through social media sites to be retained.  Without access to the personal accounts, investment advisers and broker/dealers may not be able to properly monitor and retain records from these communications.  

Stay tuned for RIA Compliance Consultants for further updates on social media compliance for investment advisers.

Posted by Bryan Hill
Labels: FINRA, Record Keeping, SEC, Social Media