Safeguarding Information- Regulation S-P and other Privacy Mandates
March 18, 2010
1:00 PM – 3:00 PM EST
Presented by:
Valerie Baruch-Assistant General Counsel, IAA
Beth Kiesewetter-Associate, Morgan, Lewis & Bockius LLP
Investment adviser and broker-dealer firms cannot conduct business without gathering and maintaining customer information. The regulators are mandating strict controls and procedures to help ensure that this information does not fall into the wrong hands.
In March 2008, the SEC proposed amendments to Regulation S-P, the privacy and safeguarding regulation that applies to investment adviser, broker-dealers and investment companies. The proposed amendments would set forth more specific requirements for safeguarding information and responding to information security breaches, and broaden the scope of the information covered by Regulation S-P’s safeguarding and disposal provisions.
Some experts have observed that the threat of identity theft has only increased in the wake of the global financial crisis. In its examinations, SEC staff focuses heightened attention on a firm’s information security or “safeguarding” controls for protecting client information.
This session will discuss the basics of information security and how to map a firm’s policies and procedures to its particular risk profile. Other important topics to be addressed include:
- State-mandated data protection and breach notification requirements, including the Massachusetts identity theft regulations that went into effect on March 1, 2010;
- Responding to information security breaches and adopting vendor management best practices; and
- Implications of the new SEC Regulation S-AM (compliance date is now June 1, 2010) and the FTC Red Flag Rules (compliance date is now June 1, 2010).
Learning Objectives:
After completing this course you should be able to:
- Understand Regulation S-P requirements concerning privacy notice delivery and be able to create firm-wide policies and procedures concerning privacy practices
- Learn about strong internal controls to identify and assess the red flags of identity theft, effective safeguards for controlling these risks, responses to information breaches and recommended steps for preventing them, and reasonable monitoring and testing of your safeguarding program.
- Identify areas of current SEC focus that are likely to surface during an SEC examination, and obtain guidance on how to achieve a successful examination outcome in the area of information security
- Learn about the efforts on the part of the states and the FTC to impose broader and more specific requirements on firms that collect personal information.
For Whom: Chief Compliance Officers, Internal auditors, Compliance Staff at all levels, Marketing personnel, Legal counsel, Management, Information Officers
Suggested Skill Level: Basic to Intermediate
Pre-requisites for participation: No advance preparation or prerequisites are required. However, attendees can benefit by reviewing the SEC Regulation S-P and proposed amendments to become familiar with the structure and terms.
Continuing Education Credits: Recommended CPE Credit: 2
