July 14, 2020

Volume X, Number 196

July 14, 2020

Subscribe to Latest Legal News and Analysis

July 13, 2020

Subscribe to Latest Legal News and Analysis

SEC: Practice What You Preach on Privacy

One of the most common things we discuss with clients is the need to ensure that privacy policies accurately reflect the actual procedures in place for handling confidential information.  The SEC reiterated that point last week in a Risk Alert that encouraged SEC-registered companies to review their written policies and procedures to ensure adequate implementation and compliance with the law.  In the Risk Alert, the Office of Compliance Inspections and Examinations (“OCIE”) published a list of issues under Regulation S-P (the privacy rule) it has seen in the context of exams.

The Risk Alert identifies the following common deficiencies:

  • Privacy and Opt-Out Notices: Many companies have failed to provide the necessary notices and even when notices are provided, they do not accurately reflect the company’s policies and procedures.
  • Lack of Policies and Procedures: Some companies simply do not have in place all policies and procedures that are necessary to be in compliance with Regulation S-P.  For example, OCIE has encountered companies that purport to adopt the Safeguards Rule but have no documented procedures related to administrative, technical and physical safeguards.
  • Policies Not Implemented or Reasonably Designed to Safeguard Information: Some of the written policies that are in place are not actually suited to accomplish the stated goal – namely, safeguarding sensitive information.  OCIE has seen inadequacies related to the handling of personal information on personal devices, electronic communications, unsecure networks, and outside vendors.  OCIE also has encountered inadequate training and monitoring policies, incomplete incident response plans, and various other protocols that put sensitive information at risk.

Entities registered with the SEC should take this opportunity – while they are (hopefully) outside the spotlight of a regulatory exam – to revisit their policies and procedures to ensure that they accurately reflect the protocols in place and comply with Regulation S-P.  This sort of preventative analysis could help companies avoid charges of violating Regulation S-P in the future.  

© 2020 Vedder PriceNational Law Review, Volume IX, Number 113


About this Author

Blaine C. Kimrey, media defense Litigation, Vedder Price Law Firm Chicago Office

Blaine C. Kimrey is a Shareholder in the Litigation practice area in the firm’s Chicago office.

A former journalist at two daily newspapers (the Austin American-Statesman and the Arkansas Democrat-Gazette), Mr. Kimrey is a trial lawyer who has dedicated more than 20 years to working for and defending media entities. Mr. Kimrey’s practice, however, extends well beyond media defense, focusing on a broad range of direct and class action litigation involving topics as diverse as privacy, consumer deception, intellectual property,...

312-609 7865
Bryan Clark Media & Privacy Law  litigation Vedder Price Law Firm Chicago

Bryan Clark is an Associate at Vedder Price and a member of the Litigation group in the firm’s Chicago office.  He has an extensive media and privacy practice that includes privacy class action defense, mobile-marketing litigation, class action TCPA litigation, copyright litigation, right of publicity litigation, data breach response, FOIA issues, reporter’s privilege issues and prepublication review.

Mr. Clark’s other representative work includes drafting successful dispositive motions in right of publicity and invasion of privacy cases, arguing successful motions to quash on behalf of media entities facing subpoenas, defeating motions for preliminary injunction in intellectual property litigation, and advising advertising and marketing clients on compliance issues. He presents on issues related to digital privacy and data breach before a national audience, such as the ABA Annual Meeting in 2013.

Mr. Clark is a member of the Trial Bar for the Northern District of Illinois and has first-chair trial experience in federal court. As a litigator, Mr. Clark has been involved in a broad range of matters in addition to media and privacy, including topics as diverse as loan enforcement and foreclosure, consumer fraud, environmental, construction, and insurance law. He also has handled a variety of pro bono engagements, including work for nonprofit media entities, representation of an Illinois prisoner with multiple sclerosis, and Section 1983 civil rights litigation

312-609 7810
Joel Forman, Litigation Attorney, Vedder Price Law Firm

Joel S. Forman is a Shareholder in the New York office of Vedder Price and a member of the firm's Litigation practice area.

(212) 407 7775