Regulation S-P focuses on protecting the personal and private information of customers of financial firms. Because firms collect and store so much information electronically, they must take specific steps to safeguard customer privacy.
Regulation S-P also clarifies what counts as private (non-public) information. Some examples are straightforward, such as Social Security numbers, suitability information, and account balances. Other sources can be less obvious - for example, data collected through internet cookies. Even when the source is less obvious, the information still must be protected.
In addition to identifying and safeguarding non-public information, Regulation S-P requires firms to disclose to customers when the firm provides non-public information to third parties. For example, a firm must tell you if it sends your non-public information to a third-party company that prints checks. To print checks, that third party needs access to account numbers and other private account information.
Firms must provide these disclosures at account opening and then annually. The firm must also give the customer an “opt-out” feature, which prevents the firm from disclosing private information to third parties. Opt-out methods must be easy to use; check-off boxes on letters or emails are commonly used. More burdensome requirements - such as making a customer write a lengthy letter to request the opt-out - are prohibited.