Regulation S-P
The SEC’s Privacy of Consumer Financial Information rules—more commonly known as Regulation S-P—limit the ability of broker-dealers, investment companies, and investment advisers to disclose “nonpublic personal information” about their customers with “non-affiliated third parties.”
Under Regulation S-P, registered broker-dealers, investment companies, and investment advisers must provide their customers with a notice describing their privacy policies and procedures when an account is opened and then on an annual basis. The privacy notice must describe the type of information that will be collected, how it will be used, and with whom it will be shared. A firm is only required to provide an initial privacy notice to consumers if it wishes to disclose any information about the consumer. Both customers and consumers must also be given adequate notice to opt out of sharing personal information with third parties, and the means to opt out must be reasonable.
Note: A customer is an individual who has a continuing relationship with a firm, while a consumer is an individual who does not.
Regulation S-P also requires financial institutions to have a written security plan in effect that addresses the administrative, technical, and physical aspects of safeguarding customers’ nonpublic, personal information. The plan must be designed to (1) ensure the security and confidentiality of customer records and information, (2) protect against any anticipated threats