Welcome to the U.S. Securities and Exchange Commission (SEC) Privacy Office.
The mission of the Privacy Office is to build privacy compliance into SEC programs and activities by encouraging and promoting adherence to the Privacy Act of 1974, the E-Government Act of 2002, OMB privacy-related memoranda, and various other Federal privacy statutes, regulations, and policies.
SEC Privacy Program Contacts are:
Senior Agency Official for Privacy
SAOP — Thomas Bayer, (202) 551-8800
Acting Chief Privacy Officer — Cristal Perpignan, (202) 551-7716
Privacy Management Analyst — Ronnette McDaniel, (202) 551-8378
Law Clerk — Darwana Hall, (202) 551-6818
Legislative Mandates Governing Privacy
The SEC is responsible for ensuring the privacy and confidentiality of the information it collects on members of the public and its own employees. These individuals have a right to expect that the SEC will collect, maintain, use, and disseminate Personally Identifiable Information (PII) only as authorized by law and as necessary to carry out agency responsibilities. Access to PII is restricted to those SEC staff members who have a need to access the data to carry out their official duties and those persons who are responsible for ensuring the privacy and confidentiality of the data. The information that the SEC collects about an individual that is maintained in a system of record is protected by the Privacy Act of 1974, as amended, which affords individuals the right to privacy in records that are maintained and used by Federal agencies.
E-Government Act of 2002
The availability of information, from PII to public information, is made easier today due to technological changes in computers, digitized networks, internet access, and the creation of new information products. In the E-Government (E-Gov) Act of 2002, Congress recognized that these advances also have important ramifications for the protection of PII contained in government records and systems.
The E-Gov Act mandates an assessment of the privacy impact of any substantially revised or new information technology system. The document resulting from these mandated assessments is called a Privacy Impact Assessment (PIA).
The SEC Privacy Impact Assessment Guide is the official guidance used by SEC staff members in drafting PIAs. The Guide, the template for the Privacy Analysis Worksheet (used to determine whether a PIA is required), and the PIA template are located below.
In accordance with official guidance (M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002), the PIA document and, if prepared, summary, are made publicly available (consistent with executive branch policy on the release of information about systems for which funding is proposed). In addition, agencies are not required to post full PIAs on centrally located websites and need not make PIAs publicly available if publication would raise security concerns by revealing classified or sensitive information.
The SEC provides the following links to the summaries of its PIAs and contact information that can be used to obtain full copies of a PIA. The list is organized chronologically with the most recent PIA presented first. To obtain a copy of a listed PIA, you may submit a request for the PIA to firstname.lastname@example.org.
List of SEC Privacy Impact Assessments (PIA)
Privacy Impact Assessments
Summary: FSSP is an integrated financial and acquisition management system used to produce a single data model for financial transaction processing and producing SEC's financial statements, financial transaction reports, analytical reports, and ad hoc management reports. The new system allows for better integration of program, financial, and budgetary information to support more efficient and effective operations at the SEC.
Summary: OTCnet will replace the current Paper Check Conversion Over the Counter (PCC OTC) system and combines electronic check conversion or truncation, and deposit reporting functions. The system will provide the SEC with the capability of seamlessly handling agency cash, coins, and check deposits to financial institutions with one Web-based application. OTCnet will enable the SEC to convert or truncate paper checks, cashier checks, and money orders received by the agency in order to expedite the collection of funds received by the SEC.
Summary: PCC OTC will enable the SEC to electronically convert or truncate paper checks, cashier checks, and money orders received by the agency in order to expedite the collection of funds received by the SEC.
Summary: Nexidia software allows for searching digital audio recordings received by the Division of Enforcement during investigations. The software will allow the recordings to be loaded into a Microsoft SQL database and indexed. Nexidia will perform automated searches of the recordings that will dramatically improve the efficiency of the review process allowing staff to zero in on important conversations quickly.
Summary: The Index Engines appliance will allow the Division of Enforcement to search files on backup tapes produced in investigations, and then restore and load the files that contained search hits into the Concordance System database.
Summary: IARD is a web-based electronic registration depository that allows Form ADV filers to submit information via a secure online web-form and eliminate the need for paper filings. IARD is used to help the SEC staff process applications for registration or exemption and related forms under the Investment Advisers Act of 1940 and to implement the Federal securities laws and rules.
Summary: Background Investigation Case Tracking System Phase 2 integrates an electronic connection with the Office of Personnel Management (OPM) which will allow for electronic delivery of the OPM investigative data. This system is a web-based COTS application used to electronically manage the background investigation process.
Summary: LMS Employee Data Database is a compilation of employee and contractor data imported from the Department of Interior (DOI) and the SEC active directory that will be the source of data for the LMS/PMIS System.
Summary: LMS/PMIS is an .asp hosted system that contains two modules: the Learning Management System (LMS) and Performance Management Information System (PMIS). LMS will consolidate mixed-media learning programs from all segments of the SEC, automate selection and administration of courses, assemble and deliver learning content, measure learning effectiveness, and offer the capability to integrate with other systems. PMIS will change the format of the SEC employee's annual review process from a paper-based method to an electronic method. Employee performance can be managed by generating review forms, recommending learning activities, providing personalized employee performance plans, and tracking employees' performance history.
Summary: EPS is a web-based commercial-off-the-shelf application that automates the Ethics Office's administration and management of the information SEC employees report about their personal financial holdings and transactions, as required by the federal securities and government ethics laws and regulations.
Summary: Enterprise Vault provides the SEC with the ability to journal all messages sent and received internal and external to the Commission, as well as provide the capability to archive infrequently used/read messages from Exchange 2003.
Summary: The TCR Intake and Resolution System will collect, store, review, circulate and analyze tips, complaints, and referrals received by the SEC from individuals concerning alleged violations of the federal securities laws.
Summary: The SEC Telephone Directory System provides a single search point for SEC employees, contractors, interns, mailrooms, divisions, and offices to locate SEC personnel contact information on the SEC intranet. Additionally the directory will allow SEC employees, contractors, and interns to edit their own profiles.
Summary: The Municipal Advisor Registration System is a web-based system that will facilitate the registration of municipal advisors pursuant to Section 975 of the Dodd-Frank Act requiring municipal advisors to register with the Commission.
Summary: 2010 New England Securities Conference database will be utilized by the SEC Boston Regional Office for on-line conference registration, associated activities and report generation.
Summary: LiveNote is a tool that will enable the SEC staff to receive live transcript text directly from the court reporter's system during trial, markup live text as it scrolls onto their computer screen and search previous testimony. The software also creates an index for each transcript and it has the capability to link to exhibits and video clips. LiveNote allows Enforcement staff to have real time access to transcripts and to previous testimony.
Summary: CaseMap 8.5 is a case management tool that allows Enforcement staff to organize their facts pertinent to their case and important documents in one central location. Users can link information from Concordance and other shared drive locations to their facts in CaseMap and create chronologies and key facts lists.
Summary: 34th Annual Southwest Enforcement Conference database will be utilized by the SEC Fort Worth Regional Office for on-line conference registration, associated activities and report generation.
Summary: The Electronic Official Personnel Folder (eOPF) is a secure tool that allows HR Specialists, managers and Federal employees to safely and efficiently access personnel records via the Internet. The eOPF system was developed in support of the e-Government initiative to move towards a paperless environment. The eOPF system provides agency users with the ability to view their personnel folder and Human Resource Specialists with the ability to improve operational efficiency by replacing a paper-based records management system with an electronic system.
Summary: The XBRL Tools Selection Project is a system that will consist of commercial off-the-shelf software that will store XBRL and other interactive data in a machine-readable format for Commission staff to use in review, reporting, and analysis activities. Currently, the Commission receives interactive data from filers but has no applications to assist staff in using the data in their work. This system will facilitate the use of the interactive data by Commission staff to conduct their review and investigation activities.
Summary: Momentum Financials is the Securities & Exchange Commission’s core financial management application and official book of record. The Central Contractor Registry (CCR) is a central repository of vendor names and related information such as billing, payment, and procurement, for vendors that have registered with the Federal Government. The CCRC project will implement automatic updates of vendor information from the CCR database.
Summary: The Data Analysis Reporting Tool is a tool that assists the Commission examination staff in the import and analysis of trade data. The purpose of DART is to provide Commission staff members with an analysis tool that has the ability to operate on different data formats and provide an immediate and consistent analysis.
Summary: The Background Investigation Case Tracking System is a COTS application that will automate the processing of personnel investigations, which will significantly reduce the time required to process new hire background investigations at the SEC. The system will collect personally identifiable information in order to allow the agency to perform a background investigation in conjunction with the Office of Personnel Management, who performs investigations for the agency.
Summary: Rule 19d-1 of the Securities and Exchange Act requires Self Regulatory Organizations (SROs) to notify the Commission of final disciplinary actions taken against its members. The 19d-1 Filing Tracking System is a web service that allows SROs to file these notices electronically. Once filed, searches and reports can be generated using the data. The application collects mostly public information from external sources (e.g. SROs or other industry participants such as regulated entities) using a secure website.
Summary: The Risk Assessment Documentation & Inspection Umbrella System (RADIUS) project will establish an overarching examination platform or framework that will support, facilitate and automate numerous aspects of the examination process of the Office of Compliance, Inspection and Examination (OCIE). The system will automate identification and documentation of risk assessment of entities during the examination process. The system will deliver a document management system to create and store work papers and work flow management capabilities. The system will also replace the current examination tracking system STARS. The system will have extensive capabilities to manage registrants' information and communications and search internal and external databases to facilitate research and due diligence during the examination process. The system will deliver data management capabilities to include importing, processing, analysis and reporting of registrants' transaction-based and financial data. The system will deliver extensive reporting capabilities.
Summary: The GovDelivery Email Subscription Management System ("GovDelivery ESM" or the "System") is a web-based software system invented, owned, and operated by GovDelivery, Inc. of St. Paul, MN. The system is used to handle email and digital subscription management and to deliver opt-in email and other messaging. GovDelivery ESM is hosted at GovDelivery, Inc.'s Tier III data center and delivered on a Software as a Service (SaaS) basis to nearly 250 public entities including, among others, the U.S. Department of Homeland Security, Labor, Treasury, Transportation, and the Federal Reserve. The System allows website visitors of agency clients to subscribe to receive email and wireless alerts based on individual, self-selected, needs and interests.
Summary: Momentum Financials is the SEC's financial system of record used for financial data collection and reporting. The SEC is updating the Momentum Financials PIA issued on February 27, 2007 to reflect changes identified through system version upgrade.
Summary: The HelpSpot system will allow anyone with access to the SEC Intranet to click on a link in the Insider to bring up a web-based form and request a facility or real property repair (e.g., adjust office temperature, repair door closer, replace broken desk chair, etc.). Once submitted, the user's request form will be emailed to one or more SEC mailboxes set up specifically for facilities requests.
Summary: Corporation Finance Interpretive Guidance System (CIGS) comprises two basic components, an external web-based request form ("Request Form") and an internal system known as the Open-source Ticket Request System ("OTRS"). The Request Form is accessible by the public through SEC.gov and provides a means through which the public may submit questions for the Division's staff to handle. The OTRS system assists with the receipt, routing, answering and internal reporting of these public inquiries.
Summary: The Division of Market Regulation, Office of Market Continuity owns the Consolidated New Database and Operational Reports (CONDOR) system and uses it to track systems outages, inspection recommendations, systems changes, document requests, and consultant and internal audit recommendations, at Self-regulatory Organizations/Electronic Communications Network (SROs/ECNs) subject to review by the Automation Review Program (ARP).
Summary: The plan of the EPSA project is to automate the Ethics Office’s administration and management of the information SEC employees report about their personal financial holdings and transactions, as required by the federal securities and government ethics laws and regulations, on such forms as SEC 682 and 681, OGE 450 and SF 278. It is proposed that the current, primarily paper-based, employee reporting process will be automated using a web-based commercial-off-the-shelf (COTS) product that is commercially available. No product has been selected yet.
Summary: APS is a web-based system for SEC staff involved in the acquisition process. It is a COTS contract management system that will be used to track and store procurement data for the SEC. Users generate a procurement request through an iterative, multi-user approval process. After approval of the request, contracting personnel accept the request and convert it into a solicitation package; an award document or a Government Purchase Card transaction.
Summary: LDRPS is used to build the Office of Information Technology (OIT) Disaster Recovery Plans, which will describe Disaster Recovery (DR) roles and responsibilities and the resources needed to recover from a disaster. It helps the Disaster Recovery Manager build the plan structure for OIT and enables the DR Manager to print plans during an emergency.
Summary: As part of its mission, and in order to serve the public and the Division and Commission's regulatory mandates, the Office of Interpretation and Guidance (OIG) will use the OIG Log system to log calls, e-mails, and other communications submitted to the Division of Trading and Markets' telephone hotline and public email boxes, or referred from other Divisions or TM offices; and to document the staff guidance provided. The provision of personal and other information by the public is voluntary, unsolicited, and not required.
Self Regulatory Organizations (SROs) Market Surveillance Referrals/Investigation Referral System, November 20, 2008.
Summary: This application allows SROs to submit their investigative findings into the SEC electronically for enforcement consideration.
Summary: The database is used to digitize and index photographic files that have historically been provided to the SEC Library by SEC staff for inclusion in the Library’s collection.
Summary: EDGAR is the SEC’s electronic filing system. EDGAR performs automated collection, validation, indexing, acceptance, and dissemination of submissions by companies and individuals. These submissions are required by federal securities laws and regulations and are released for public disclosure.
Summary: The International Program Oversight Database (International POD) application tracks data gathered by the Office of International Affairs (OIA) including documents related to: Requests for enforcement cooperation with foreign regulators and law enforcement agencies; International regulatory policy matters designed to protect investors, improve market efficiency, and eliminate opportunities for "regulatory arbitrage"; Technical assistance and international training programs for emerging securities markets; Directory of contacts for foreign regulators and stock exchanges; SEC staff foreign travel; and USAID reimbursement.
Summary: Easy Lobby (9.0) is an upgrade to the application currently used at Station Place (SP) and the Operations Center (OPC) to capture detailed visitor information and issue badges. The current system uses a standalone version, which does not use a shared database. Easy Lobby (9.0) will use a centralized database, which will allow the staff at SP and OPC to share visitor information. The upgrade will also allow SEC employees to use a web-based tool (eAdvance) to pre-register guests and receive email notification when the visitor checks in. The system will also allow for analysis and reporting on visitor data.
Summary: The purpose of the System for Enforcement Case Tracking and Routing (SECTR) System is to create and maintain an electronic database of enforcement matters reviewed and comments provided by staff of the Division of Trading and Markets to the Division of Enforcement; and to maintain a record of communications within the Division of Trading and Markets relating to the enforcement matters reviewed.
Summary: Quicktime is a web-based time and attendance system that allows employee entry of time, as well as traditional timekeeper data entry.
Summary: CSC is a Web-based system that allows all SEC offices to publish their business continuity related documents, and also allows office administrators to update various office specific personnel lists such as, emergency or essential teams, to facilitate the performance of essential functions during emergencies or other situations that may disrupt normal operations.
Summary: Phoenix is a database that tracks disgorgements and civil penalties ordered and paid in Commission civil actions and administrative proceedings.
Summary: E-Travel (EDS Fedtraveler) is a web-based, end-to-end travel solution which is vendor owned, hosted, maintained and operated. It replaced the current system, Travel Manager. EDS Fedtraveler provides enhanced reporting capabilities, on-line booking (carrier, car, hotel, etc) capabilities, electronic approval of travel documents and an automated interface with the financial system (Momentum).
Summary: Homeland Security Presidential Directive-12 (HSPD-12) established the requirement for a mandatory government-wide standard for identifying Federal Government employees and contractors. The US Access Program produces compliant Personal Identity Verification (PIV) credentials of Federal Employees and Contractors pursuant to HSPD-12.
Summary: The FIM system is a suite of applications used to manage the user account lifecycle at the SEC. FIM will allow for an automated, approvals-based process for managing employee and contractor identities and user accounts in various SEC systems.
Summary: SAM is a web-based system for SEC staff involved in the acquisition process; it tracks and stores procurement for the SEC. Users generate a procurement request through an iterative, multi-user approval process. After approval of the request, contracting personnel accept the request and convert it into a solicitation package; an award document or a Government Purchase Card transaction.
Summary: The NRSI application provides a cross-reference of data by name that is contained in internal automated SEC systems. The SEC has several automated information systems to record and track information relating to companies and individuals that deal in securities exchanges. The information managed by these automated information systems is received from a number of disparate sources.
Summary: This system is the single data point/record for Office of Administrative Law Judge cases. This application contains all administrative proceedings, hearings, and pre-hearing conferences that are scheduled before an Administrative Law Judge. All actions taken, including the final disposition, are entered here.
Summary: NotiFind is an automated system that sends text and/or voice messages to a defined group of SEC employees and contractors. It allows the SEC to efficiently and effectively communicate vital information to selected employees and contractors during an emergency. It also allows the SEC to account for personnel after an emergency. NotiFind replaced the SEC Emergency Notification System (ENS).
Summary: TTS is a mixed system with financial and non-financial components. It is a web-based, on-line electronic system that allows Division of Enforcement (ENF) staff to order and receive an electronic version of transcripts from the prime contractor. TTS also collects data about financial events, and it updates witness names and dates of testimony in the ENF Case Tracking System.
Summary: The HUB is a Case Management Tool that provides the capability for case data augmentation and reporting by the SEC Division of Enforcement.
Summary: Travel Manager is the SEC’s travel management system that tracks travel related financial data, collection and reporting.
Summary: Each year the SEC receives the equivalent of approximately 50 million pages of documents. Approximately 70-80% are received in electronic format with the remainder submitted as paper. The SEC Division of Enforcement (ENF) receives more than 80% of the documents as evidence through request letters and subpoenas. EDOCS allows the SEC to manage and research these electronic documents as they support the SEC regulatory mission. EDOCS provides the ability to scan, convert to text, and load electronic documents, whether received in paper or electronic form, into an organized, searchable repository.
Summary: The EBS issues and tracks SEC requests for, and receipt of, securities transaction information from the registered broker dealer community and securities self-regulatory organizations.
Summary: USAS is used to collect information from applicants for Federal jobs to determine if their qualifications meet qualifications requirements for the vacancies for which they have applied.
Summary: FOIAXpress is a COTS product which is specifically designed to track Freedom of Information Act and Privacy Act requests and to provide a full range of electronic document management capabilities.
List of Current SEC System of Record Notices
(as published in the Federal Register; please click on notice to view a pdf copy)