The Company is committed to (i) safekeeping personal information collected from potential, current and former Clients and (ii) safeguarding against the unauthorized acquisition or use of unencrypted data or encrypted electronic data regarding each Client. The proper handling of personal information is one of the Company’s highest priorities. To this end, the CCO [and the IT Director] have been designated to implement, maintain, review and revise, as necessary, a comprehensive information security program. The primary objectives for the CCO [and the IT Director] are to identify and assess any and all reasonably foreseeable internal and external risks to the security, confidentiality and/or integrity of any electronic, paper or other records containing personal information, and to evaluate and improve, where necessary, the effectiveness of current safeguards for limiting such risks. To this end, the Company
- employs ongoing Employee training,
- sets policy for Employees relating to the storage, access and transportation of Client records and personal information,
- reviews the scope of security measures at least annually,
- reasonably monitors its information systems, including for unauthorized use or access, and
- reasonably reviews and tests electronic encryption and other elements of its computer security system (including its secure user authentication protocols, secure access control measures and system security agent software). The CCO reviews all contractual relationships with third party service providers engaged by the Company to ensure adequate protections are in place with respect to the safeguarding of personal information.
The Company collects and keeps only such information that is necessary for it to provide the services requested by its Clients and to administer its Clients’ business with the Company. For instance, the Company may collect nonpublic personal information (such as name, address, social security number, assets, income, net worth, copies of financial documents and other information deemed necessary to evaluate the Client’s financial needs) from Clients when they complete a subscription or other form. The Company may also collect nonpublic personal information from Clients or potential clients as a result of transactions with the Company, its affiliates, its Clients or others (such information to include information received from outside vendors to complete transactions or to effect financial goals).
The Company only shares the nonpublic personal information of its Clients with unaffiliated entities or individuals (i) as permitted by law and as required to provide services to the Company’s Clients, such as with representatives within our firm, securities clearing firms, insurance companies and other services providers of the Company, or (ii) to comply with legal or regulatory requirements. The Company may also disclose nonpublic personal information to another financial services provider in connection with the transfer of an account to such financial services provider. Further, in the normal course of business, the Company may disclose information it collects about Clients to entities or individuals that contract with the Company to perform servicing functions such as recordkeeping or computer-related services. Finally, the Company may make good faith disclosure of the nonpublic personal information of its Clients to regulators who have regulatory authority over the Company. Companies hired to provide support services to the Company are not allowed to use personal information for their own purposes and are contractually obligated to maintain strict confidentiality. When the Company provides personal information to service providers, it requires these providers to agree to safeguard such information, to use the information only for the intended purpose and to abide by applicable law. The Company does not (x) provide personally identifiable information to mailing list vendors or solicitors for any purpose or (y) sell information relating to its Clients to any outside third parties.
Employee Access to Information
Only Employees with a valid business reason have access to Clients’ personal information. These Employees are educated on the importance of maintaining the confidentiality and security of such information and are required to abide by the Company’s information handling practices. The Company employs reasonable procedures to prevent terminated Employees from accessing records containing personal information.
Protection of Information
The Company maintains security standards to protect Clients’ information, whether written, spoken, or electronic. To that end, the Company restricts access to nonpublic personal information to Company personnel who need to know such information in order to provide services to Clients. All electronic or computer files containing such information is password secured and firewall protected from access by unauthorized persons. The Company periodically updates and checks its systems to ensure the protection and integrity of information. The Company also maintains reasonable restrictions upon physical access to records containing personal information, and stores such records in secure facilities. Maintaining Accurate Information The Company’s goal is to maintain accurate, up to date Client records in accordance with industry standards. The Company has procedures in place to keep information current and complete (including the timely correction of inaccurate information).
Should a Client send the Company a question or comment via e-mail, the Company will share the Client’s correspondence only with those Employees or agents most capable of addressing the Client’s question or concern. All written communications pertaining to such question or comment will be retained by the Company until such time as the Company believes (in its good faith judgment) that it has provided the Client with a complete and satisfactory response. After that time, the Company will either discard the communication or archive it according to the requirements of applicable securities laws. Please note that, unless expressly advised otherwise, the Company’s e-mail facilities do not provide a means for completely secure and private communications. Although every attempt will be made to keep Client information confidential, from a technical standpoint, there is still a risk. For that reason, please do not use e-mail to communicate information to the Company that is considered to be confidential. If the Client wishes, communications with the Company may be conducted via telephone or by facsimile. Additional security is available to Clients if they equip their Internet browser with 128-bit “secure socket layer” encryption, which provides more secure transmissions.