[20938]
March 8, 2007
TO: COMPLIANCE ADVISORY COMMITTEE No. 3-07INVESTMENT ADVISER MEMBERS No. 6-07
INVESTMENT ADVISER ASSOCIATE MEMBERS No. 2-07
PRIVACY ISSUES WORKING GROUP No. 1-07
SEC RULES MEMBERS No. 31-07
SMALL FUNDS MEMBERS No. 21-07 RE: CALIFORNIA'S FINANCIAL INFORMATION PRIVACY ACT SURVEY
The California Department of Corporations recently sent to investment advisers and broker-dealers subject to the Department’s jurisdiction a “Compliance Survey Regarding the California Financial Information Privacy Act.” This survey is intended by the Department to provide them meaningful information, in an efficient fashion, regarding how California’s Financial Privacy Act is impacting investment advisers and broker-dealers. In particular, the survey seeks information on whether investment advisers or broker-dealers are required to comply with the “opt-in” provisions of the Act because they share information with non-affiliated third parties. [1] For those entities that are subject to the Act’s opt-in requirements, the survey seeks additional information regarding their implementation of the Act’s requirements. [2] Part V of the survey requires a representative of the entity returning the survey to certify that the entity’s response is true and correct to the best of that person’s knowledge.
The California Financial Information Privacy Act and the California Corporate Securities Law, which governs California’s regulation of broker-dealers and investment advisers, do not appear to require persons subject to those acts to complete surveys regarding compliance efforts or to certify their compliance. Moreover, under current law, in the event a person fails to complete and return a survey there would appear to be no legal recourse for such failure. Notwithstanding this, the Department believes it has the authority to conduct the survey and remains very interested in receiving completed surveys in response to its request.
Tamara K. Salmon
Senior Associate Counsel
endnotes
[1] Section 4056 of the California Financial Information Privacy Act contains several exceptions that relieve persons from having to comply with any of the Act’s notice and opt-in requirements. These exceptions largely track those available under the Gramm-Leach-Bliley Act. Among the exceptions are that the release of information is necessary: (1) to effect, administer, or enforce a transaction requested or authorized by the consumer or in connection with maintaining or servicing the consumer’s account; (2) to protect against or prevent fraud, identity theft, unauthorized transactions, claims or liability or is released for required institutional risk control or for resolving customer disputes or inquiries; or (3) for the third party to perform business or professional services provided certain conditions are met. For a more in-depth discussion of the Act and these exceptions, see Institute Memorandum to Compliance Advisory Committee No. 67-03, Privacy Issues Working Group No. 3-03, SEC Rules Members No. 113-03, and Small Funds Members No. 43-03 [No. 16477], dated Aug. 28, 2003. See also Institute Memorandum to Chief Compliance Officer Committee No. 62-05, Compliance Advisory Committee No. 53-05, Privacy Issues Working Group No. 5-05, and Small Funds Members No. 84-05 [No 19224], dated Oct. 6, 2005, discussing a federal district court decision striking the affiliate-sharing provisions of the Act based upon the court’s finding that they were preempted by federal law.
[2] The survey also requests that recipients maintain records regarding complaints received from California consumers regarding the disclosure of nonpublic personal information. The Financial Information Privacy Act does not include recordkeeping requirements.