U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Privacy Office

Welcome to the U.S. Securities and Exchange Commission (SEC) Privacy Office.


The mission of the Privacy Office is to build privacy compliance into SEC programs and activities by encouraging and promoting adherence to the Privacy Act of 1974, the E-Government Act of 2002, OMB privacy related memoranda and various other Federal privacy statutes, regulations, and policies.

SEC Privacy Program Contacts are:

Senior Agency Official for Privacy
In response to OMB Memorandum 03-22, “OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002”, the SEC has designated R. Corey Booth, SEC’s Chief Information Officer, as its Senior Agency Official for Privacy, (202) 551-8800.

Chief Privacy Officer — Barbara Stance, (202) 551-7209

Privacy Program Analyst — Ronnette McDaniel, (202) 551-8378

Legislative Mandates Governing Privacy

The SEC is responsible for ensuring the privacy and confidentiality of the information it collects on members of the public and its own employees. These individuals have a right to expect that the SEC will collect, maintain, use, and disseminate Personally Identifiable Information (PII) only as authorized by law and as necessary to carry out agency responsibilities. Access to PII is restricted to those SEC staff members who have a need to access the data to carry out their official duties and those persons who are responsible for ensuring the privacy and confidentiality of the data. The information that the SEC collects about an individual that is maintained in a system of record is protected by the Privacy Act of 1974, as amended which affords individuals the right to privacy in records that are maintained and used by Federal agencies.

E-Government Act of 2002

The availability of information, from PII to public information, is made easier today due to technological changes in computers, digitized networks, internet access, and the creation of new information products. In the E-Government (E-Gov) Act of 2002, Congress recognized that these advances also have important ramifications for the protection of PII contained in government records and systems.

The E-Gov Act mandates an assessment of the privacy impact of any substantially revised or new information technology system. The document resulting from these mandated assessments is called a Privacy Impact Assessment (PIA).

Official Guidance

The SEC Privacy Impact Assessment Guide is the official guidance used by SEC staff members in drafting PIAs. The Guide, the template for the Privacy Analysis Worksheet (used to determine whether a PIA is required), and the PIA template is located below.

In accordance with official guidance (M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002), the PIA document and, if prepared, summary, are made publicly available (consistent with executive branch policy on the release of information about systems for which funding is proposed). In addition, agencies are not required to post full PIAs on centrally located websites and need not make PIAs publicly available if publication would raise security concerns by revealing classified or sensitive information.

The SEC provides the following links to the summaries of its PIAs and contact information that can be used to obtain full copies of a PIA. The list is organized chronologically with the most recent PIA presented first. To obtain a copy of a listed PIA, you may submit a request for the PIA to privacyhelp@sec.gov. You may also mail a written request to: SEC, Barbara Stance, Chief Privacy Officer, Mail Stop 0-4, 6432 General Green Way, Alexandria, VA 22312.

List of SEC Privacy Impact Assessments (PIA)

Privacy Impact Assessments

Easy Lobby (9.0) and eAdvance, June 24, 2008.

Summary: Easy Lobby (9.0) is an upgrade to the application currently used at Station Place (SP) and the Operations Center (OPC) to capture detailed visitor information and issue badges. The current system uses a standalone version, which does not use a shared database. Easy Lobby (9.0) will use a centralized database, which will allow the staff at SP and OPC to share visitor information. The upgrade will also allow SEC employees to use a web-based tool (eAdvance) to pre-register guests and receive email notification when the visitor checks in. The system will also allow for analysis and reporting on visitor data.

System of Enforcement Case Tracking and Routing (SECTR), June 10, 2008.

Summary: SECTR is a case management tool used by the Office of Enforcement Liaison and Institutional Trading (ELIT) to create and maintain a record of enforcement cases reviewed by the Division of Trading and Markets ELIT.

Quicktime, April 24, 2008.

Summary: Quicktime is a web-based time and attendance system that allows employee entry of time, as well as traditional timekeeper data entry.

Continuity Support Center (CSC) System, March 11, 2008.

Summary: CSC is a Web-based system that allows all SEC offices to publish their business continuity related documents, and also allows office administrators to update various office specific personnel lists such as, emergency or essential teams, to facilitate the performance of essential functions during emergencies or other situations that may disrupt normal operations.

Phoenix, September 28, 2007.

Summary: Phoenix is a database that tracks disgorgements and civil penalties ordered and paid in Commission civil actions and administrative proceedings.

E-Travel (EDS Fedtraveler), August 14, 2007.

Summary: E-Travel (EDS Fedtraveler) is a web-based, end-to-end travel solution which is vendor owned, hosted, maintained and operated. It replaced the current system, Travel Manager. EDS Fedtraveler provides enhanced reporting capabilities, on-line booking (carrier, car, hotel, etc) capabilities, electronic approval of travel documents and an automated interface with the financial system (Momentum).

US Access Program, July 23, 2007.

Summary: Homeland Security Presidential Directive-12 (HSPD-12) established the requirement for a mandatory government-wide standard for identifying Federal Government employees and contractors. The US Access Program produces compliant Personal Identity Verification (PIV) credentials of Federal Employees and Contractors pursuant to HSPD-12.

Federal Identity Management, (FIM), May 25, 2007.

Summary: The FIM system is a suite of applications used to manage the user account lifecycle at the SEC. FIM will allow for automated, approvals based process for managing employee and contractor identities and user account in various SEC systems.

Strategic Acquisition Manager, (SAM), May 8, 2007.

Summary: SAM is a web-based system for SEC staff involved in the acquisition process; it tracks and stores procurement for the SEC. Users generate a procurement request through an iterative, multi-user approval process. After approval of the request, contracting personnel accept the request and convert it into a solicitation package; an award document or a Government Purchase Card transaction.

Name Relationship Search Index (NRSI), April 25, 2007.

Summary: The NRSI application provides a cross-reference of data by name that is contained in internal automated SEC systems. The SEC has several automated information systems to record and track information relating to companies and individuals that deal in securities exchanges. The information managed by these automated information systems is received from a number of disparate sources.

Administrative Law Judges Case Tracking System, March 30, 2007.

Summary: This system is the single data point/record for Office of Administrative Law Judge cases. This application contains all administrative proceedings, hearings, and pre-hearing conferences that are scheduled before an Administrative Law Judge. All actions taken, including the final disposition, are entered here.

NotiFind, March 30, 2007.

Summary: NotiFind is an automated system that sends text and/or voice messages to a defined group of SEC employees and contractors. It allows the SEC to efficiently and effectively communicate vital information to selected employees and contractors during an emergency. It also allows the SEC to account for personnel after an emergency. NotiFind replaced the SEC Emergency Notification System (ENS).

Testimony Tracking System (TTS), March 26, 2007.

Summary: TTS is a mixed system with financial and non-financial components. It is a web-based, on-line electronic system that allows Division of Enforcement (ENF) staff to order and receive an electronic version of transcripts from the prime contractor. TTS also collects data about financial events, and it updates witness names and dates of testimony in the ENF Case Tracking System.

Hub System, (HUB), March 14, 2007.

Summary: The HUB is a Case Management Tool that provides the capability for case data augmentation and reporting by the SEC Division of Enforcement.

Momentum Financials, February 27, 2007.

Summary: Momentum Financials is the SEC’s financial system of record used for financial data collection and reporting.

Travel Manager, February 27, 2007.

Summary: Travel Manager is the SEC’s travel management system that tracks travel related financial data, collection and reporting.

Electronic Documents (EDOCS), February 26, 2007.

Summary: Each year the SEC receives the equivalent of approximately 50 million pages of documents. Approximately 70-80% are received in electronic format with the remainder submitted as paper. The SEC Division of Enforcement (ENF) receives more than 80% of the documents as evidence through request letters and subpoenas. EDOCS allows the SEC to manage and research these electronic documents as they support the SEC regulatory mission. EDOCS provides the ability to scan, convert to text, and load electronic documents, whether received in paper or electronic form, into an organized, searchable repository.

Electronic Bluesheet System, (EBS) October 17, 2006.

Summary: The EBS issues and tracks SEC request for, and receipt of, securities transaction information from the registered broker dealer community and securities self-regulatory organizations.

FOIAXpress, May 2, 2006.

Summary: FOIAXpress is a COTS product which is specifically designed to track Freedom of Information Act and Privacy Act requests and to provide a full range of electronic document management capabilities.

List of Current SEC System of Record Notices

(as published in the Federal Register; please click on notice to view a pdf copy)



Modified: 07/01/2008