By March 1, 2010, any investment adviser or broker dealer with clients or customers residing in Massachusetts must have in place a comprehensive Privacy & Information Security Program pursuant to Massachusetts Regulation 201 CMR 17.00 et seq.
Ascendant Compliance Management is offering a Model Privacy & Information Security Program based on SEC Federal Regulation S-P, 17 CFR Part 248, and Massachusetts Regulation 201 CMR 17.00: “Standards for the Protection of Personal Information of Residents of The Commonwealth.” All investment advisers and broker dealers must adhere to Regulation S-P, and should already have appropriate procedures in place accordingly.
The specific creation of a Privacy & Information Security Program, including many of the features included in this model, is not currently enumerated by Regulation S-P. Nevertheless, any investment adviser or broker dealer with clients or customers who are residents of Massachusetts must have a Privacy & Information Security Program in place by March 1, 2010. Many of the provisions of the Model Privacy & Information Security Program are based on the Massachusetts regulation. All provisions related to the encryption of data are specifically required by the Massachusetts regulation only, and are specifically required to be applied only to the transmission and storage of Nonpublic Personal Information related to Massachusetts residents.
Nevertheless, Ascendant encourages advisers and broker dealers to begin to adopt a program, including encryption of Nonpublic Personal Information, and to apply such practices to all Clients and Customers where possible. Virtually all states have regulatory mandates (commonly referred to as breach notification laws) requiring that Clients and Customers be notified if their Nonpublic Personal Information is part of a data security breach. Businesses generally require expensive legal counsel to determine those notification requirements on a state-by-state basis. Under many state regulations, however, if lost, misplaced or stolen data was encrypted, then the regulation does not require the declaration of a security breach and does not require notification.
Buy the MPISP Program and receive access to any archived ComplianceCast of your choice, FREE! This limited time combination offer is a $400 savings.