Privacy Office

Welcome to the U.S. Securities and Exchange Commission (SEC) Privacy Office.

Mission

The mission of the Privacy Office is to build privacy compliance into SEC programs and activities by encouraging and promoting adherence to the Privacy Act of 1974, the E-Government Act of 2002, OMB privacy related memoranda and various other Federal privacy statutes, regulations, and policies.

SEC Privacy Program Contacts are:

Senior Agency Official for Privacy
In response to OMB Memorandum 03-22, “OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002”, the SEC has designated R. Corey Booth, SEC’s Chief Information Officer, as its Senior Agency Official for Privacy, (202) 551-8800.

Chief Privacy Officer — Barbara Stance, (202) 551-7209

Privacy Program Analyst — Ronnette McDaniel, (202) 551-8378

Legislative Mandates Governing Privacy

The SEC is responsible for ensuring the privacy and confidentiality of the information it collects on members of the public and its own employees. These individuals have a right to expect that the SEC will collect, maintain, use, and disseminate Personally Identifiable Information (PII) only as authorized by law and as necessary to carry out agency responsibilities. Access to PII is restricted to those SEC staff members who have a need to access the data to carry out their official duties and those persons who are responsible for ensuring the privacy and confidentiality of the data. The information that the SEC collects about an individual that is maintained in a system of record is protected by the Privacy Act of 1974, as amended which affords individuals the right to privacy in records that are maintained and used by Federal agencies.

E-Government Act of 2002

The availability of information, from PII to public information, is made easier today due to technological changes in computers, digitized networks, internet access, and the creation of new information products. In the E-Government (E-Gov) Act of 2002, Congress recognized that these advances also have important ramifications for the protection of PII contained in government records and systems.

The E-Gov Act mandates an assessment of the privacy impact of any substantially revised or new information technology system. The document resulting from these mandated assessments is called a Privacy Impact Assessment (PIA).

Official Guidance

The SEC Privacy Impact Assessment Guide is the official guidance used by SEC staff members in drafting PIAs. The Guide, the template for the Privacy Analysis Worksheet (used to determine whether a PIA is required), and the PIA template is located below.

• Privacy Impact Assessment Guide, January 2007 (PDF 17 pages)
   
• Privacy Analysis Worksheet Template (PDF, 2 pages)
   
• Privacy Impact Assessment Template (PDF,2 pages)

In accordance with official guidance (M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002), the PIA document and, if prepared, summary, are made publicly available (consistent with executive branch policy on the release of information about systems for which funding is proposed). In addition, agencies are not required to post full PIAs on centrally located websites and need not make PIAs publicly available if publication would raise security concerns by revealing classified or sensitive information.

The SEC provides the following links to the summaries of its PIAs and contact information that can be used to obtain full copies of a PIA. The list is organized chronologically with the most recent PIA presented first. To obtain a copy of a listed PIA, you may submit a request for the PIA to privacyhelp@sec.gov. You may also mail a written request to: SEC, Barbara Stance, Chief Privacy Officer, Mail Stop 0-4, 6432 General Green Way, Alexandria, VA 22312.

List of SEC Privacy Impact Assessments (PIA)

• Easy Lobby and eAdvance
   
• System of Enforcement Case Tracking and Routing
   
• Quicktime
   
• Continuity Support Center System
   
• Phoenix
   
• E-Travel
   
• US Access Program
   
• Federal Identity Management
   
• Strategic Acquisition Manager
   
• Name Relationship Search Index
   
• Administrative Law Judges Case Tracking System
   
• NotiFind
   
• Testimony Tracking System

• Hub System

• Momentum Financials
   
• Travel Manager
   
• Electronic Documents
   
• Electronic Bluesheet System
   
• FOIAXpress

Privacy Impact Assessments

Easy Lobby (9.0) and eAdvance, June 24, 2008.

System of Enforcement Case Tracking and Routing (SECTR), June 10, 2008.

Quicktime, April 24, 2008.

Summary: Quicktime is a web-based time and attendance system that allows employee entry of time, as well as traditional timekeeper data entry.

Continuity Support Center (CSC) System, March 11, 2008.

Summary: CSC is a Web-based system that allows all SEC offices to publish their business continuity related documents, and also allows office administrators to update various office specific personnel lists such as, emergency or essential teams, to facilitate the performance of essential functions during emergencies or other situations that may disrupt normal operations.

Phoenix, September 28, 2007.

Summary: Phoenix is a database that tracks disgorgements and civil penalties ordered and paid in Commission civil actions and administrative proceedings.

E-Travel (EDS Fedtraveler), August 14, 2007.

US Access Program, July 23, 2007.

Summary: Homeland Security Presidential Directive-12 (HSPD-12) established the requirement for a mandatory government-wide standard for identifying Federal Government employees and contractors. The US Access Program produces compliant Personal Identity Verification (PIV) credentials of Federal Employees and Contractors pursuant to HSPD-12.

Federal Identity Management, (FIM), May 25, 2007.

Summary: The FIM system is a suite of applications used to manage the user account lifecycle at the SEC. FIM will allow for automated, approvals based process for managing employee and contractor identities and user account in various SEC systems.

Strategic Acquisition Manager, (SAM), May 8, 2007.

Summary: SAM is a web-based system for SEC staff involved in the acquisition process; it tracks and stores procurement for the SEC. Users generate a procurement request through an iterative, multi-user approval process. After approval of the request, contracting personnel accept the request and convert it into a solicitation package; an award document or a Government Purchase Card transaction.

Name Relationship Search Index (NRSI), April 25, 2007.

Summary: The NRSI application provides a cross-reference of data by name that is contained in internal automated SEC systems. The SEC has several automated information systems to record and track information relating to companies and individuals that deal in securities exchanges. The information managed by these automated information systems is received from a number of disparate sources.

Administrative Law Judges Case Tracking System, March 30, 2007.

Summary: This system is the single data point/record for Office of Administrative Law Judge cases. This application contains all administrative proceedings, hearings, and pre-hearing conferences that are scheduled before an Administrative Law Judge. All actions taken, including the final disposition, are entered here.

NotiFind, March 30, 2007.

Summary: NotiFind is an automated system that sends text and/or voice messages to a defined group of SEC employees and contractors. It allows the SEC to efficiently and effectively communicate vital information to selected employees and contractors during an emergency. It also allows the SEC to account for personnel after an emergency. NotiFind replaced the SEC Emergency Notification System (ENS).

Testimony Tracking System (TTS), March 26, 2007.

Summary: TTS is a mixed system with financial and non-financial components. It is a web-based, on-line electronic system that allows Division of Enforcement (ENF) staff to order and receive an electronic version of transcripts from the prime contractor. TTS also collects data about financial events, and it updates witness names and dates of testimony in the ENF Case Tracking System.

Hub System, (HUB), March 14, 2007.

Summary: The HUB is a Case Management Tool that provides the capability for case data augmentation and reporting by the SEC Division of Enforcement.

Momentum Financials, February 27, 2007.

Summary: Momentum Financials is the SEC’s financial system of record used for financial data collection and reporting.

Travel Manager, February 27, 2007.

Summary: Travel Manager is the SEC’s travel management system that tracks travel related financial data, collection and reporting.

Electronic Documents (EDOCS), February 26, 2007.

Summary: Each year the SEC receives the equivalent of approximately 50 million pages of documents. Approximately 70-80% are received in electronic format with the remainder submitted as paper. The SEC Division of Enforcement (ENF) receives more than 80% of the documents as evidence through request letters and subpoenas. EDOCS allows the SEC to manage and research these electronic documents as they support the SEC regulatory mission. EDOCS provides the ability to scan, convert to text, and load electronic documents, whether received in paper or electronic form, into an organized, searchable repository.

Electronic Bluesheet System, (EBS) October 17, 2006.

Summary: The EBS issues and tracks SEC request for, and receipt of, securities transaction information from the registered broker dealer community and securities self-regulatory organizations.

FOIAXpress, May 2, 2006.

Summary: FOIAXpress is a COTS product which is specifically designed to track Freedom of Information Act and Privacy Act requests and to provide a full range of electronic document management capabilities.

List of Current SEC System of Record Notices

(as published in the Federal Register; please click on notice to view a pdf copy)

• (SEC-1) Registration Statements Filed Pursuant to Provisions of the Securities Act of 1933, Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, and Investment Company Act of 1940
   
• (SEC-2) Applications for Registration or Exemption under the Investment Company Act of 1940
   
• (SEC-3) Notification of Exemption from Registration under the Securities Act of 1933
   
• (SEC-4) Beneficial Ownership, Acquisition, Tender Offer, and Solicitation Records Filed under the Securities Exchange Act of 1934
   
• (SEC-5) Ownership Reports and Insider Trading Transaction Records Filed under the Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, and Investment Company Act of 1940
   
• (SEC-6) Periodic Reports Filed under the Securities Act of 1933, Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, and Investment Company Act of 1940 and Investment Advisers Act of 1940
   
• (SEC-7) Proposed Sale of Securities Records Filed under the Securities Act of 1933
   
• (SEC-8) Proxy Soliciting Material Filed under the Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, and Investment Company Act of 1940
   
• (SEC-9) Correspondence Files Pertaining to Registered Broker-Dealers
   
• (SEC-10) Correspondence Files Pertaining to Registered Investment Advisers
   
• (SEC-11) Correspondence Files Pertaining to Registered Investment Companies
   
• (SEC-12) Hearings, Proceedings and Studies
   
• (SEC-13) No-action and Interpretative Letters
   
• (SEC-14) Administrative Audit System
   
• (SEC-15) Pay and Leave System
   
• (SEC-16) Administrative Law Judge Assignments and Dispositions of Administrative Proceedings
   
• (SEC-17) Minutes Regarding Action Taken by the Commission
   
• (SEC-18) Applications for Relief From Disqualification Filed Under the Securities Act of 1933 and the Commission's Rules of Practice
   
• (SEC-19) Division of Corporation Finance and Support Office Working Files
   
• (SEC-20) Division of Corporation Finance Index for Filings on Schedule 13D and Filings under Regulations A and B
   
• (SEC-21) Division of Investment Management Correspondence and Memoranda Files
   
• (SEC-22) Executive/Congressional Personnel Referrals
   
• (SEC-23) Staff Time and Activity Tracking System (STATS)
   
• (SEC-24) Freedom of Information Act Requests
   
• (SEC-25) Office of Public Affairs, Policy Evaluation and Research Records
   
• (SEC-26) Confidential Treatment Request Imaging System
   
• (SEC-27) Name-Relationship Search System (NRS)
   
• (SEC-28) Office of the Chief Accountant Working Files
   
• (SEC-29) Agency Correspondence Tracking System (ACTS)
   
• (SEC-30) Office of General Counsel Work Files
   
• (SEC-31) Office of General Counsel (Adjudication) Working Files
   
• (SEC-32) Rule 102(e) of the Commission's Rules of Practice -- Appearance and Practice Before the Commission
   
• (SEC-33) Administrative and Litigation Release System
   
• (SEC-34) Administrative Proceedings Records Cards
   
• (SEC-35) Securities Violations Records and Bulletin
   
• (SEC-36) Administrative Proceeding Files
   
• (SEC-37) Automated Personnel Management Information System
   
• (SEC-38) Personnel Management Code of Conduct and Employee Performance Files
   
• (SEC-39) Personnel Management Employment and Staffing Files
   
• (SEC-40) Office of Personnel Training Files
   
• (SEC-41) Child Care Subsidy Program
   
• (SEC-42) Enforcement Files
   
• (SEC-43) Office of Inspector General Investigative Files
   
• (SEC-44) Ridesharing System
   
• (SEC-45) Public Transportation Subsidy Program
   
• (SEC-46) Identification Cards, Press Passes, and Proximity Access Control Cards
   
• (SEC-47) Disgorgement and Penalties Tracking System
   
• (SEC-48) Fitness Center Membership, Payment, and Fitness Records
   
• (SEC-49) Broker-Dealer Records
   
• (SEC-50) Investment Adviser Records
   
• (SEC-51) Emergency Contingency Plan System
   
• (SEC-52) Visitor Badge and Employee Day Pass System
   
• (SEC-53) Automated Emergency Notification System
   
• (SEC-54) Photographic Files

http://www.sec.gov/about/privacy/secprivacyoffice.htm