DH Frederick Securities, Inc. Privacy Policies (pursuant to US Securities and Exchange Commission Regulation S-P)
The Securities and Exchange Commission passed Regulation SP in June of 2000, implementing privacy rules among affiliated and non-affiliated financial institutions, in response to the Gramm-Leach-Bliley Act (“GLB”), which passed in November of 1999. GLB eliminates the restrictions on banking, securities and insurance activities being conducted under one roof. GLB also addresses privacy concerns through provisions for sharing information among the various entities, as advocated by various consumer privacy groups. Included in GLB’s Title V are complex privacy rules that require financial institutions to adopt policies and procedures and provide consumers and customers with various notices regarding the steps the firms will take to protect nonpublic customer information.
An Affiliate is any company that controls, is controlled by, or is under common control with the financial institution.
Clear and Conspicuous
Clear and conspicuous means that the notice must be designed to call attention to the information contained in the notice, and that the notice must be reasonably understandable. This means that the typeface and size are large enough to be easily read, and that they are of such a design that will illustrate the significance of the disclosure.
A consumer is an individual who obtains financial products or services that are to be used primarily for personal, family, or household purposes. The legal representative(s) of the consumer are included in the definition. Financial products and services include the investments themselves and those evaluations or analyses that led to the investment.
Consumers are not:
· Individuals who provide only their name, address, or other general contact information for the purpose of obtaining information, such as a response request.
· Individuals who have accounts with the broker/dealer solely for the purpose of executing the transaction, such as those accounts cleared through the firm by an introducing broker/dealer or contracted broker/dealer.
· Individuals who have accounts or transaction with a firm solely due to agent or service contracts.
· Other individuals who are not directly defined as consumers of the entity.
A continuing relationship is one in which there is an ongoing association with the firm.
This will include:
· A consumer who has an account with an introducing broker that clears through the firm on a fully disclosed basis
· A consumer who is the recorded owner of securities issued by the firm
· Any consumer with whom the firm has had one transaction but with whom the firm expects to develop an ongoing relationship, and future, subsequent transactions
· Any consumer who has contracted with the firm for continuous and ongoing investment services, or investment supervisory services.
A continuing relationship is not established in cases where there is a stand-alone transaction that is not expected to result in future transactions.
A customer is a consumer who has a “customer relationship” with the firm.
A customer relationship is a continuing relationship between a consumer and an investment firm under which the firm provides a financial or investment product or service that is to be used primarily for personal, family or household purposes.
Nonpublic Personal Information
Nonpublic personal information is essentially that information obtained or collected by the firm that is personally identifiable financial information. The definition includes lists, groups, or other categories that have been created or derived on the basis of individual or household nonpublic information. For instance, a list of names derived from specific account numbers is nonpublic personal information.
Personally Identifiable Financial Information
Personally identifiable financial information is that information provided to the firm by a consumer which results in a transaction with the consumer, which results in the provision of any service to the consumer, and or which is obtained by the firm through the use of account applications, client profiles or questionnaires, or through other means.
Publicly Available Information
Publicly Available Information is that which the firm may reasonably believe is available to the general public:
· Legally through federal, state, or local governments,
· Broadly through public media such as phone books, web listings, or newspapers
CONSUMERS AND CUSTOMERS
Regulation S-P draws distinctions among customers and consumers, requiring differing levels of protection to each. Entities covered by the regulation must provide customers notice about the entity’s privacy policies, and must give consumers a method to opt out of any sharing practices with reasonable notice time.
Under the regulation, a consumer is an individual who obtains financial products or services to be used primarily for personal purposes.
Products and services can including evaluations of information, in addition to the product or service itself.
By contrast, a customer is a consumer with a continuing relationship with the entity to obtain the services of a consumer.
Therefore, all customers are also consumers.
Regulation S-P becomes effective on November 13, 2000.
Compliance is not mandatory until July 1, 2001, however implementation of any privacy policies including opt out rights must leave ample time for reasonable response of the consumers and customers. 30-days (or June 1, 2001) is therefore considered a deadline for notification for those firms intending to share nonpublic information.
FIRMS COVERED BY REGULATION S-P
The SEC’s Regulation S-P places restrictions on broker/dealers, registered investment advisers and investment companies regarding the sharing of nonpublic personal information about consumers and customer to nonaffiliated third parties. Regulation S-P requires all those entities to produce and disseminate policies and procedures, including opt out provisions in certain cases, throughout their organizations and to their customers.
Covered under the regulation are:
· Federally Registered Investment Advisers
· Investment Companies
Not covered are non-SEC registered foreign broker/dealers, and state registered investment advisers, in most cases. It is anticipated that similar regulations will be passed by states to require privacy protection to clients of state-registered investment advisers. Foreign jurisdictions may have in place similar requirements regarding the sharing of nonpublic customer information which may be more or less stringent than those of the SEC. It is the obligation of the firm to determine compliance with every relevant regulatory agency.
Regulation S-P requires that notice of the privacy policies of the entity be given to consumers and customers initially and annually.
The initial notice must be clear and conspicuous in the manner in which it presents the policy.
For customers, initial notice must be provided at or before the point when a customer relationship is established. Conditions exist to allow notice within a reasonable time frame for such instances as an account transfer or telephone order, when the notice requirements may interfere with the transaction itself.
Once within every 12 month period during which an ongoing customer relationship exists a subsequent notice of the policy must be provided to all customers. If there is a change in the privacy policies of the firm, notice must be given to all customers whose information may be affected by the change.
Content of Notice
The notices must contain specific information, including:
· Public information collected by the entity,
· The categories of nonpublic information disclosed by the entity, including the same for former customers,
· The categories of affiliated and non-affiliated third parties to whom information is disclosed by the entity,
· Separate disclosure is required for any servicing or joint marketing agreements, including the categories of information and of the third parties involved,
· Opt out rights available to customers, which must adhere to the regulation’s standard of “reasonable”,
· General disclosures regarding the policies of the entity to protect and secure confidential information,
· Disclosure regarding shared information among affiliated parties,
· Statement(s) regarding allowed third party sharing relationships, such as those conducted under the transactional exemption or others.
DH Frederick Securities, Inc. will take reasonable measures to guard against unauthorized access or use of nonpublic information derived from consumer reports during the disposal process including the following:
· Compliance Officer will identify information subject to the disposal procedures in a written memo that is to updated and distributed as needed to appropriate personnel
· Compliance Officer will ensure that there is secure removal of trash involving consumer report information
· Paper information will be burned, pulverized, or shredded
· Electronic information will be destroyed or erased so the information cannot be practicably read or reconstructed
· Train employees in proper disposal procedures
· Periodic spot checks of the disposal process to verify that the nonpublic information is reasonably protected from unauthorized access or use
If DH Frederick Securities, Inc. engages a third party to provide disposal services, the Firm will:
· Perform due diligence to identify a qualified third party service provider
· Enter into a contract with a company that is in the business of disposing of consumer information consistent with Rule 30 of Regulation S-P
· Ensure that the contract includes a method for notifying the third party when consumer report information is being provided for disposal
The Compliance Officer will notify the third party when consumer report information is being provided for disposal in accordance with acceptable disposal procedures.
Technological advancements and other changes in the workplace have raised concerns regarding the safeguarding of customer information. The following procedures must be followed regarding two recent technology developments:
· Wi-Fi is a generic term often used to refer to wireless connectivity to the Internet. Use of wireless connections are subject to the risk of unauthorized access by outside parties and the difficulty of ensuring the security of wireless connections to the Internet. Therefore, employees are prohibited from using Wi-Fi technology to access customer account information unless the information is encrypted, firewalls and similar defensive software is installed or the employee is working on the Firm’s premises. The Compliance Officer must pre-approve the use of Wi-Fi technology for the Firm’s business.
· Remote access to corporate networks through VPNs or other technology may be authorized to allow employees to work at home or while traveling. The Compliance Officer will approve requests for remote access and the Compliance Officer or designee will assign passwords and retain a record of authorized employees. Firewalls and other protections to avert intrusion by outsiders and breaches of confidentiality must be used if remote access is allowed.
DH FREDERICK SECURITIES, INC. POLICY AND PROCEDURES
Access to Customer Records
Access to the completed documents and customer files is restricted to:
· Only those employees who are required by their job function to access this information. These employees are generally administrative personnel and principals.
· Management, Legal and Compliance staff in cases where the information is requested to resolve a customer dispute
· Management Legal and Compliance staff in cases where such information is requested by a regulatory agency
· Others as specifically permitted by Management
Collection of Customer Information
DH Frederick Securities, Inc. does not currently but may in the future collect and record customer information on the following types of forms contain personal and financial data:
· New Account Application
· Customer Profile
· Customer Questionnaire
Distribution of Privacy Pledge to Customers and Consumers
DH Frederick Securities, Inc. relies upon the examples provided in Regulation S-P at 248.3 (a) (2) [Examples] (g)(1)iii and iv to determine that non-public customer information collected through necessity for the completion of a transaction on behalf of another financial institution or broker/dealer does not trigger a customer/consumer relationship.
In the event customer relationships are established, the firm will adhere to requirements to send an initial and annual notice to all customers.
Once within every 12 month period during which an ongoing customer relationship exists a subsequent notice of the policy must be provided to all customers. The privacy pledge will be utilized as the Annual Notice form. If there is a change in the privacy policies of the firm, notice must be given to all customers whose information may be affected by the change.
The initial notice must be clear and conspicuous in the manner in which it presents the policy. The Privacy Pledge will be utilized as the initial notice.
An initial notice must be provided to all customers at or before the point when a customer relationship is established. When the account is the result of an account transfer or telephone order, or when the notice requirements may interfere with the transaction itself the notice maybe provided at the time of the transaction.
Distribution of Privacy Pledge to Employees
All employees will be required to review the Privacy Pledge, along with these policies and procedures upon joining the firm, and annually thereafter.
Each employee is required to acknowledge receipt and understanding of the Privacy Pledge.
The following is the DH Frederick Securities, Inc.’s pledge:
Our PRIVACY PLEDGE to you
Your relationship with DH Frederick Securities, Inc. is based on trust and confidence.
To fulfill its responsibilities to you, DH Frederick Securities, Inc. requires that you provide current and accurate financial and personal information.
You deserve to expect the DH Frederick Securities, Inc. will protect the information you have provided in a manner that is safe, secure and professional.
DH Frederick Securities, Inc. and its employees are committed to protecting your privacy and to safeguarding that information.
Safeguarding Customer Documents
During the regular business hours, a firm principal will ensure that access to customer records is monitored so that only those with approval may access the files. During hours in which the company is not in operation, the customer records will be locked.
No individual who is not so authorized shall obtain or seek to obtain personal and financial customer information. No individual with authorization to access personal and financial customer information shall share that information in any manner without the specific consent of a principal of the firm.
Failure to observe DH Frederick Securities, Inc.’s procedures regarding customer and consumer privacy will result in discipline and may lead to termination.
Sharing Nonpublic Personal and Financial Information
DH Frederick Securities, Inc. is committed to the protection and privacy of its customer’s and consumer’s personal and financial information. DH Frederick Securities, Inc. will not share such information with any nonaffiliated third party except:
· When necessary to complete a transaction in the account, i.e. with the account custodians,
· To the issuing company or their attorneys or accountants,
· When required to maintain or service the account,
· To resolve customer disputes,
· When requested by a fiduciary or beneficiary on the account,
· To rating agencies rating, or to the client’s attorneys or accountants,
· When required by a regulatory agency, or for other reasons required or permitted by law,
· In connection with a sale or merger or DH Frederick Securities, Inc.’s business,
· In any circumstance that has the customer’s instruction or consent.