One of the most common things we discuss with clients is the need to ensure that privacy policies accurately reflect the actual procedures in place for handling confidential information.  The SEC reiterated that point last week in a Risk Alert that encouraged SEC-registered companies to review their written policies and procedures to ensure adequate implementation and compliance with the law.  In the Risk Alert, the Office of Compliance Inspections and Examinations (“OCIE”) published a list of issues under Regulation S-P (the privacy rule) it has seen in the context of exams.

The Risk Alert identifies the following common deficiencies:

  • Privacy and Opt-Out Notices: Many companies have failed to provide the necessary notices, and even when notices are provided, they do not accurately reflect the company’s policies and procedures.
  • Lack of Policies and Procedures: Some companies simply do not have in place all policies and procedures that are necessary to be in compliance with Regulation S-P.  For example, OCIE has encountered companies that purport to adopt the Safeguards Rule but have no documented procedures related to administrative, technical and physical safeguards.
  • Policies Not Implemented or Reasonably Designed to Safeguard Information: Some of the written policies that are in place are not actually suited to accomplish the stated goal – namely, safeguarding sensitive information.  OCIE has seen inadequacies related to the handling of personal information on personal devices, electronic communications, unsecure networks, and outside vendors.  OCIE also has encountered inadequate training and monitoring policies, incomplete incident response plans, and various other protocols that put sensitive information at risk.

Entities registered with the SEC should take this opportunity – while they are (hopefully) outside the spotlight of a regulatory exam – to revisit their policies and procedures to ensure that they accurately reflect the protocols in place and comply with Regulation S-P.  This sort of preventative analysis could help companies avoid charges of violating Regulation S-P in the future.  The lawyers at Vedder Price are well-versed in these issues and ready to help in any way possible.

Blaine C. Kimrey

Blaine C. Kimrey is a Shareholder at Vedder Price, Chair of the Media & Entertainment Litigation practice group, and a member of the Privacy, CyberSecurity, & Media practice group.  A former journalist at two daily newspapers (the Austin American-Statesman and the Arkansas Democrat-Gazette), Mr. Kimrey is a trial lawyer who has dedicated more than 20 years to working for and defending media entities. Mr. Kimrey’s practice, however, extends well beyond media defense, focusing on a broad range of direct and class action litigation involving topics as diverse as privacy, consumer deception, intellectual property, entertainment, insurance, banking, real estate, civil rights, telecommunications, and mass catastrophes and torts.  Among other accolades, Mr. Kimrey is Chambers USA Band 2 rated for Media & Entertainment Litigation in the state of Illinois, is listed in Best Lawyers in America for Intellectual Property Litigation, and is AV-rated by Martindale-Hubbell.

Bryan K. Clark

Bryan K. Clark is an Associate at Vedder Price and a member of the Privacy, CyberSecurity & Media practice group.  He has an extensive media and privacy practice that includes privacy class action defense, mobile-marketing litigation, class action TCPA litigation, copyright litigation, right of publicity litigation, data breach response, FOIA issues, reporter’s privilege issues and prepublication review.

Joel S. Forman

Joel S. Forman is a Shareholder in the New York office of Vedder Price and a member of the firm’s Litigation practice area. Mr. Forman defends financial institutions in federal and state court trials and appeals, arbitrations and mediations, and government and self-regulatory organization inquiries, investigations, examinations, Wells notices  and administrative proceedings. He represents companies seeking broker-dealer and investment adviser registrations, and firms filing new and continuing membership applications with FINRA.