Non-Enforcement Actions SEC Promulgates Its Affiliate Marketing Rule The SEC recently adopted Regulation S-AM (Regulation), in order to implement Section 624 of the Fair Credit Reporting Act (amended by Section 214 of the Fair and Accurate Credit Transactions Act of 2003). The intendment of the Regulation is to limit use of personal information for solicitation and marketing purposes. It is promulgated with similar rules for certain banking agencies, including the FDIC, the Board of Governors of the Federal Reserve, and the FTC, among others.
The Regulation prohibits the using of information by affiliates for solicitation purposes. Notice, however, that it does not prohibit the sharing of such information. The Regulation also permits using the information for solicitation purposes if (1) the consumer is given conspicuous notice of the potential marketing purposes; (2) the consumer is given a simple way to opt out of such marketing efforts; and (3) the consumer has not opted out.
The Regulation provides some exceptions to the notice and opt-out requirements such as when an affiliate has a pre-existing relationship with a consumer or provides marketing material in response to an unsolicited request by a consumer. The Regulation provides that the notice and opt-out may be combined with the disclosures required by law such as for Regulation S-P.
The Regulation applies to broker-dealers, investment companies, registered investment advisers, and transfer agents. Other entities may be regulated by similar rules promulgated by other agencies. Compliance with the Regulation becomes mandatory on January 1, 2010. The Regulation includes an appendix of model forms to use to provide the notice and opt-out provisions.
Massachusetts Tightens Information Security Rules The Commonwealth of Massachusetts released 201 CMR 17.00 in June 2009, which requires new safeguarding standards of entities that own, license, maintain, or store Massachusetts residents' personal information. Under the regulations, every entity that owns, licenses, maintains, or stores personal information about a Massachusetts resident would be required to develop comprehensive, written policies and procedures for safeguarding the information. Of course, this set of rules would apply to third-party service providers such as investment advisers.
Since its announcement, the effective date has been pushed back to March 1, 2010. The regulation, as revised, generally tracks the proposed rule...