FINRA rules for password protecting sensitive documents?
4 RepliesJump to last post
Can someone point me to any Finra regs or rulings that say documents with sensitive customer data like Socials must be password protected?
There is no FINRA rule per se on password-protecting customer records however, an examiner may cite SEC Reg S-P stating that sending unsecured customer records over the internet may subject the information to privacy breaches. That's an example of how they would back into the password protection requirement. You should also check your firm's privacy policy and data security policy. FINRA does require the BD to have data security protocol though FINRA will rarely tell a BD exactly what to do. As a former CCO, though my firm didn't have password protection requirements on sending customer records by email I always protected attachments when sending to a regulator.
Also consider the recently adopted MA Privacy Laws - which a number of states are following suit. In the MA Privacy Laws, password protection doesn't cut it when sending personal information (which can be a small as a client name with account number) - this will need to be encrypted.
Do the MA privacy Laws include Connecticut and can someone point me to something I can read and see when it took in to effect.