Regulation S-P, which was adopted by the SEC as required by the Gramm-Leach-Bliley Act, is the governing rule of privacy policies for investment companies, broker-dealers and SEC-registered investment advisers (a “firm”). Regulation S-P requires a firm to describe the conditions under which it may disclose nonpublic personal information about consumers to third parties and provide a method for consumers to prevent the firm from disclosing that information to certain third parties by opting out of that disclosure (subject to certain exceptions).
- The categories of nonpublic personal information that you collect: This can include social security numbers, asset information and employment information, to name a few.
- The categories of nonpublic personal information that you disclose: This may include the same items as noted in the previous bullet point but is specific to the information that you share with affiliated and non-affiliated third parties.
- The categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal information: Examples here include credit bureaus and service providers to the firm. Most firms must disclose nonpublic information to service providers to conduct business.
- The categories of nonpublic personal information about your former customers that you disclose and the categories of affiliates and nonaffiliated third parties to whom you disclose the information about your former customers: If you treat former customers’ information differently than you do current customers’ information, you will need to disclose the differences. But most firms usually treat current and former customers’ information in the same manner.
- An explanation of the consumer's right to opt out of the disclosure of nonpublic personal information to third parties, including the method(s) by which the consumer may exercise that right: Opt-out requirements do not apply when you provide nonpublic personal information for everyday business purposes, such as processing transactions or maintaining accounts. Nor do they apply if you are sharing information in response to court orders and legal investigations. An opt-out choice is required if you share personal information with a non-affiliate (or affiliate) for its marketing purposes. If you provide personal information to an affiliate for its marketing purposes or you receive personal information from an affiliate for your marketing purposes, you should also check out Regulation S-AM. (Bonus points if your name is Sam and you read this at 5am.)
- Your policies and practices for protecting the confidentiality and security of nonpublic personal information: This can be a summary of your written procedures for safeguarding nonpublic personal information. Examples include items such as computer safeguards and processes for secured files.
- Plain English
- Availability in other languages
- Accessibility to people with disabilities
- Printable format