U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Privacy Office

Welcome to the U.S. Securities and Exchange Commission (SEC) Privacy Office.

Mission

The mission of the Privacy Office is to build privacy compliance into SEC programs and activities by encouraging and promoting adherence to the Privacy Act of 1974, the E-Government Act of 2002, OMB privacy related memoranda and various other Federal privacy statutes, regulations, and policies.

SEC Privacy Program Contacts are:

Senior Agency Official for Privacy
In response to OMB Memorandum 03-22, "OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002," the SEC has designated its Chief Information Officer as its Senior Agency Official for Privacy (SAOP).

SAOP — Thomas Bayer, (202) 551-8800

Acting Chief Privacy Officer — Cristal Perpignan, (202) 551-7716

Privacy Management Analyst — Ronnette McDaniel, (202) 551-8378

Law Clerk — Darwana Hall, (202) 551-6818

Legislative Mandates Governing Privacy

The SEC is responsible for ensuring the privacy and confidentiality of the information it collects on members of the public and its own employees. These individuals have a right to expect that the SEC will collect, maintain, use, and disseminate Personally Identifiable Information (PII) only as authorized by law and as necessary to carry out agency responsibilities. Access to PII is restricted to those SEC staff members who have a need to access the data to carry out their official duties and those persons who are responsible for ensuring the privacy and confidentiality of the data. The information that the SEC collects about an individual that is maintained in a system of record is protected by the Privacy Act of 1974, as amended which affords individuals the right to privacy in records that are maintained and used by Federal agencies.

E-Government Act of 2002

The availability of information, from PII to public information, is made easier today due to technological changes in computers, digitized networks, internet access, and the creation of new information products. In the E-Government (E-Gov) Act of 2002, Congress recognized that these advances also have important ramifications for the protection of PII contained in government records and systems.

The E-Gov Act mandates an assessment of the privacy impact of any substantially revised or new information technology system. The document resulting from these mandated assessments is called a Privacy Impact Assessment (PIA).

Official Guidance

The SEC Privacy Impact Assessment Guide is the official guidance used by SEC staff members in drafting PIAs. The Guide, the template for the Privacy Analysis Worksheet (used to determine whether a PIA is required), and the PIA template is located below.

In accordance with official guidance (M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002), the PIA document and, if prepared, summary, are made publicly available (consistent with executive branch policy on the release of information about systems for which funding is proposed). In addition, agencies are not required to post full PIAs on centrally located websites and need not make PIAs publicly available if publication would raise security concerns by revealing classified or sensitive information.

The SEC provides the following links to the summaries of its PIAs and contact information that can be used to obtain full copies of a PIA. The list is organized chronologically with the most recent PIA presented first. To obtain a copy of a listed PIA, you may submit a request for the PIA to privacyhelp@sec.gov.

List of SEC Privacy Impact Assessments (PIA)

Privacy Impact Assessments

Federal Shared Service Provider System (FSSP), September 13, 2011.

Summary: FSSP is an integrated financial and acquisition management system used to produce a single data model for financial transaction processing and producing SEC's financial statements, financial transaction reports, analytical reports, and ad hoc management reports. The new system allows for better integration of program, financial, and budgetary information to support more efficient and effective operations at the SEC.

Over the Counter Channel Application (OTCnet), September 12, 2011.

Summary: OTCnet will replace the current Paper Check Conversion Over the Counter (PCC OTC) system and combines electronic check conversion or truncation, and deposit reporting functions. The system will provide the SEC with the capability of seamlessly handling agency cash, coins, and check deposits to financial institutions with one Web-based application. OTCnet will enable the SEC to convert or truncate paper checks, cashier checks, and money orders received by the agency in order to expedite the collection of funds received by the SEC.

Paper check Conversion Over the Counter (PCC OTC), August 2, 2011.

Summary: PCC OTC will enable the SEC to electronically convert or truncate paper checks, cashier checks, and money orders received by the agency in order to expedite the collection of funds received by the SEC.

Nexidia ESI Audio Searching Software v.8.3.1, August 2, 2011.

Summary: Nexidia software allows for searching digital audio recordings received by the Division of Enforcement during investigations. The software will allow the recordings to be loaded into a Microsoft SQL database and indexed. Nexidia will perform automated searches of the recordings that will dramatically improve the efficiency of the review process allowing staff to zero in on important conversations quickly.

Index Engines Backup Tape Searching Appliance v3.1, August 2, 2011.

Summary: The Index Engines appliance will allow the Division of Enforcement to search files on backup tapes produced in investigations, and then restore and load the files that contained search hits into the Concordance System database.

Investment Adviser Registration Depository System (IARD), July 11, 2011.

Summary: IARD is a web-based electronic registration depository that allows Form ADV filers to submit information via a secure online web-form and eliminate the need for paper filings. IARD is used to help the SEC staff process applications for registration or exemption and related forms under the Investment Advisers Act of 1940 and to implement the Federal securities laws and rules.

Background Investigation — Case Tracking System Phase 2, June 28, 2011.

Summary: Background Investigation Case Tracking System Phase 2 integrates an electronic connection with the Office of Personnel Management (OPM) which will allow for electronic delivery of the OPM investigative data. This system is a web-based COTS application used to electronically manage the background investigation process.

LMS (Learning Management System) Employee Data Database, May 23, 2011.

Summary: LMS Employee Data Database is a compilation of employee and contractor data imported from the Department of Interior (DOI) and the SEC active directory that will be the source of data for the LMS/PMIS System.

Learning Management System (LMS)/ Performance Management System (PMIS), May 19, 2011.

Summary: LMS/PMIS is an .asp hosted system that contains two modules: the Learning Management System (LMS) and Performance Management Information System (PMIS). LMS will consolidate mixed-media learning programs from all segments of the SEC, automate selection and administration of courses, assemble and deliver learning content, measure learning effectiveness, and offer the capability to integrate with other systems. PMIS will change the format of the SEC employee's annual review process from a paper-based method to an electronic method. Employee performance can be managed by generating review forms, recommending learning activities, providing personalized employee performance plans, and tracking employees' performance history.

Ethics Program System (EPS) Upgrade, May, 6, 2011.

Summary: EPS is a web-based commercial-off-the-shelf application that automates the Ethics Office's administration and management of the information SEC employees report about their personal financial holdings and transactions, as required by the federal securities and government ethics laws and regulations.

Enterprise Vault 2007, December 23, 2010.

Summary: Enterprise Vault provides the SEC with the ability to Journal all messages sent and received internal and external to the Commission, as well as provide the capability to archive infrequently used/read messages from Exchange 2003.

Tips, Complaints, and Referrals (TCR) Intake and Resolution System, December 20, 2010.

Summary: The TCR Intake and Resolution System will collect, store, review, circulate and analyze tips, complaints, and referrals received by the SEC from individuals concerning alleged violations of the federal securities laws.

The SEC Telephone Directory System, December 3, 2010.

Summary: The SEC Telephone Directory System provides a single search point for SEC employees, contractors, interns, mailrooms, divisions, and offices to locate SEC personnel contact information on the SEC intranet. Additionally the directory will allow SEC employees, contractors, and interns to edit their own profiles.

The Municipal Advisor Registration System, September 22, 2010.

Summary: The Municipal Advisor Registration System is a web-based system that will facilitate the registration of municipal advisors pursuant to Section 975 of the Dodd-Frank Act requiring municipal advisors to register with the Commission.

2010 New England Securities Conference Database, September 22, 2010.

Summary: 2010 New England Securities Conference database will be utilized by the SEC Boston Regional ffice for on-line conference registration, associated activities and report generation.

LiveNote, August 4, 2010.

Summary: LiveNote is a tool that will enable the SEC staff to receive live transcript text directly from the court reporter's system during trial, markup live text as it scrolls onto their computer screen and search previous testimony. The software also creates an index for each transcript and it has the capability to link to exhibits and video clips. LiveNote allows Enforcement staff to have real time access to transcripts and to previous testimony.

CaseMap 8.5, August 4, 2010.

Summary: CaseMap 8.5 is a case management tool that allows Enforcement staff to organize their facts pertinent to their case and important documents in one central location. Users can link information from Concordance and other shared drive locations to their facts in CaseMap and create chronologies and key facts lists.

34th Annual Southwest Enforcement Conference Database, July 22, 2010.

Summary: 34th Annual Southwest Enforcement Conference database will be utilized by the SEC Fort Worth Regional Office for on-line conference registration, associated activities and report generation.

Electronic Official Personnel Folder (eOPF), June 22, 2010.

Summary: The Electronic Official Personnel Folder (eOPF) is a secure tool that allows HR Specialists, managers and Federal employees to safely and efficiently access personnel records via the Internet. The eOPF system was developed in support of the e-Government initiative to move towards a paperless environment. The eOPF system provides agency users with the ability to view their personnel folder and Human Resource Specialists with the ability to improve operational efficiency by replacing a paper-based records management system with an electronic system.

XBRL Tools Selection Project, June 9, 2010.

Summary: The XBRL Tools Selection Project is a system that will consist of commercial off-the-shelf software that will store XBRL and other interactive data in a machine-readable format for Commission staff to use in review, reporting, and analysis activities. Currently, the Commission receives interactive data from filers but has no applications to assist staff in using the data in their work. This system will facilitate the use of the interactive data by Commission staff to conduct their review and investigation activities.

Momentum CCRC, March 24, 2010.

Summary: Momentum Financials is the Securities & Exchange Commission’s core financial management application and official book of record. The Central Contractor Registry (CCR) is a central repository of vendor names and related information such as billing, payment, and procurement, for vendors that have registered with the Federal Government. The CCRC project will implement automatic updates of vendor information from the CCR database.

Data Analysis Reporting Tool (DART), March 24, 2010.

Summary: The Data Analysis Reporting Tool is a tool that assists the Commission examination staff in the import and analysis of trade data. The purpose of DART is to provide Commission staff members with an analysis tool that has the ability to operate on different data formats and provide an immediate and consistent analysis.

Background Investigation Case Tracking System, March 24, 2010.

Summary: The Background Investigation Case Tracking System is a COTS application that will automate the processing of personnel investigations, which will significantly reduce the time required to process new hire background investigations at the SEC. The system will collect personally identifiable information in order to allow the agency to perform a background investigation in conjunction with the Office of Personnel Management, who performs investigations for the agency.

19d-1 Filing Tracking System, August 26, 2009.

Summary: Rule 19d-1 of the Securities and Exchange Act requires Self Regulatory Organizations (SROs) to notify the Commission of final disciplinary actions taken against its members. The 19d-1 Filing Tracking System is a web service that allows SROs to file these notices electronically. Once filed, searches and reports can be generated using the data. The application collects mostly public information from external sources (e.g. SROs or other industry participants such as regulated entities) using a secure website.

Risk Assessment Documentation & Inspection Umbrella System (RADIUS), August 26, 2009.

Summary: The Risk Assessment Documentation & Inspection Umbrella System (RADIUS) project will establish an overarching examination platform or framework that will support, facilitate and automate numerous aspects of the examination process of the Office of Compliance, Inspection and Examination (OCIE). The system will automate identification and documentation of risk assessment of entities during examination process. The system will deliver a document management system to create and store work papers and work flow management capabilities. The system will also replace the current examination tracking system – STARS. The system will have extensive capabilities to manage registrants' information and communications and search internal and external databases to facilitate research and due diligence during examination process. The system will deliver data management capabilities to include importing, processing, analysis and reporting of registrants' transaction-based and financial data. The system will deliver extensive reporting capabilities.

GovDelivery Email Subscription Management System, July 29, 2009.

Summary: The GovDelivery Email Subscription Management System ("GovDelivery ESM" or the "System") is a web-based software system invented, owned, and operated by GovDelivery, Inc. of St. Paul, MN. The system is used to handle email and digital subscription management and to deliver opt-in email and other messaging. GovDelivery ESM is hosted at GovDelivery, Inc.'s Tier III data center and delivered on a Software as a Service (SaaS) basis to nearly 250 public entities including, among others, the U.S. Department of Homeland Security, Labor, Treasury, Transportation, and the Federal Reserve. The System allows website visitors of agency clients to subscribe to receive email and wireless alerts based on individual, self-selected, needs and interests.

Momentum Financials, July 29, 2009.

Summary: Momentum Financials is the SEC's financial system of record used for financial data collection and reporting. The SEC is updating the Momentum Financials PIA issued on February 27, 2007 to reflect changes identified through system version upgrade.

Facilities Help Desk (HelpSpot), July 15, 2009.

Summary: The HelpSpot system will allow anyone with access to the SEC Intranet to click on a link in the Insider to bring up a web-based form and request a facility or real property repair (e.g., adjust office temperature, repair door closer, replace broken desk chair, etc.). Once submitted, the user's request form will be emailed to one or more SEC mailboxes set up specifically for facilities requests.

Corporation Finance Interpretive Guidance System (CIGS), July 1, 2009.

Summary:

Corporation Finance Interpretive Guidance System (CIGS) comprises two basic components, an external web-based request form ("Request Form") and an internal system known as the Open-source Ticket Request System ("OTRS"). The Request Form is accessible by the public through SEC.gov and provides a means through which the public may submit questions for the Division's staff to handle. The OTRS system assists with the receipt, routing, answering and internal reporting of these public inquiries.

Consolidated New Database and Operational Reports ("CONDOR"), April 1, 2009.

Summary: The Division of Market Regulation, Office of Market Continuity owns the Consolidated New Database and Operational Reports (CONDOR) system and uses it to track systems outages, inspection recommendations, systems changes, document requests, and consultant and internal audit recommendations, at Self-regulatory Organizations/Electronic Communications Network (SROs/ECNs ) subject to review by the Automation Review Program (ARP).

Ethics Program Systems Automation (EPSA) Project, February 25, 2009.

Summary:

The plan of the EPSA project is to automate the Ethics Office’s administration and management of the information SEC employees report about their personal financial holdings and transactions, as required by the federal securities and government ethics laws and regulations, on such forms as SEC 682 and 681, OGE 450 and SF 278. It is proposed that the current, primarily paper-based, employee reporting process will be automated using a web-based commercial-off-the-shelf (COTS) product that is commercially available. No product has been selected yet.

Automated Procurement System (APS), February 12, 2009.

Summary: APS is a web-based system for SEC staff involved in the acquisition process. It is a COTS contract management system that will be used to track and store procurement data for the SEC. Users generate a procurement request through an iterative, multi-user approval process. After approval of the request, contracting personnel accept the request and convert it into a solicitation package; an award document or a Government Purchase Card transaction.

Living Disaster Recovery Planning System (LDRPS), February 11, 2009.

Summary: LDRPS is used to build the Office of Information Technology (OIT) Disaster Recovery Plans, which will describe Disaster Recovery (DR) roles and responsibilities and the resources needed to recovery from a disaster. It helps the Disaster Recovery Manager build the plan structure for OIT and enables the DR Manager to print plans during an emergency.

Office of Interpretation and Guidance Log (OIG LOG), January 22, 2009.

Summary: As part of its mission, and in order to serve the public and the Division and Commission's regulatory mandates, the Office of Interpretation and Guidance (OIG) will use the OIG Log system to log calls, e-mails, and other communications submitted to the Division of Trading and Markets' telephone hotline and public email boxes, or referred from other Divisions or TM offices; and to document the staff guidance provided. The provision of personal and other information by the public is voluntary, unsolicited, and not required.

Self Regulatory Organizations (SROs) Market Surveillance Referrals/Investigation Referral System, November 20, 2008.

Summary: This application allows SROs to submit their investigative findings into the SEC electronically for enforcement consideration.

SEC Historical Photos Database, September 11, 2008.

Summary: The database is used to digitize and index photographic files that have historically been provided to the SEC Library by SEC staff for inclusion in the Library’s collection.

Electronic Data Gathering, Analysis and Retrieval (EDGAR) System, August 6, 2008.

Summary: EDGAR is the SEC’s electronic filing system. EDGAR performs automated collection, validation, indexing, acceptance, and dissemination of submissions by companies and individuals. These submissions are required by federal securities laws and regulations and, are released for public disclosure.

International Program Oversight Database (International POD), July 30, 2008.

Summary: The International Program Oversight Database (International POD) application tracks data gathered by the Office of International Affairs (OIA) including documents related to: Requests for enforcement cooperation with foreign regulators and law enforcement agencies; International regulatory policy matters designed to protect investors, improve market efficiency, and eliminate opportunities for "regulatory arbitrage"; Technical assistance and international training programs for emerging securities markets; Directory of contacts for foreign regulators and stock exchanges; SEC staff foreign travel; and USAID reimbursement.

Easy Lobby (9.0) and eAdvance, June 24, 2008.

Summary: Easy Lobby (9.0) is an upgrade to the application currently used at Station Place (SP) and the Operations Center (OPC) to capture detailed visitor information and issue badges. The current system uses a standalone version, which does not use a shared database. Easy Lobby (9.0) will use a centralized database, which will allow the staff at SP and OPC to share visitor information. The upgrade will also allow SEC employees to use a web-based tool (eAdvance) to pre-register guests and receive email notification when the visitor checks in. The system will also allow for analysis and reporting on visitor data.

System for Enforcement Case Tracking and Routing (SECTR), June 10, 2008.

Summary: The purpose of the System for Enforcement Case Tracking and Routing (SECTR) System is to create and maintain an electronic database of enforcement matters reviewed and comments provided by staff of the Division of Trading and Markets to the Division of Enforcement; and to maintain a record of communications within the Division of Trading and Markets relating to the enforcement matters reviewed.

Quicktime, April 24, 2008.

Summary: Quicktime is a web-based time and attendance system that allows employee entry of time, as well as traditional timekeeper data entry.

Continuity Support Center (CSC) System, March 11, 2008.

Summary: CSC is a Web-based system that allows all SEC offices to publish their business continuity related documents, and also allows office administrators to update various office specific personnel lists such as, emergency or essential teams, to facilitate the performance of essential functions during emergencies or other situations that may disrupt normal operations.

Phoenix, September 28, 2007.

Summary: Phoenix is a database that tracks disgorgements and civil penalties ordered and paid in Commission civil actions and administrative proceedings.

E-Travel (EDS Fedtraveler), August 14, 2007.

Summary: E-Travel (EDS Fedtraveler) is a web-based, end-to-end travel solution which is vendor owned, hosted, maintained and operated. It replaced the current system, Travel Manager. EDS Fedtraveler provides enhanced reporting capabilities, on-line booking (carrier, car, hotel, etc) capabilities, electronic approval of travel documents and an automated interface with the financial system (Momentum).

US Access Program, July 23, 2007.

Summary: Homeland Security Presidential Directive-12 (HSPD-12) established the requirement for a mandatory government-wide standard for identifying Federal Government employees and contractors. The US Access Program produces compliant Personal Identity Verification (PIV) credentials of Federal Employees and Contractors pursuant to HSPD-12.

Federal Identity Management, (FIM), May 25, 2007.

Summary: The FIM system is a suite of applications used to manage the user account lifecycle at the SEC. FIM will allow for automated, approvals based process for managing employee and contractor identities and user account in various SEC systems.

Strategic Acquisition Manager, (SAM), May 8, 2007.

Summary: SAM is a web-based system for SEC staff involved in the acquisition process; it tracks and stores procurement for the SEC. Users generate a procurement request through an iterative, multi-user approval process. After approval of the request, contracting personnel accept the request and convert it into a solicitation package; an award document or a Government Purchase Card transaction.

Name Relationship Search Index (NRSI), April 25, 2007.

Summary: The NRSI application provides a cross-reference of data by name that is contained in internal automated SEC systems. The SEC has several automated information systems to record and track information relating to companies and individuals that deal in securities exchanges. The information managed by these automated information systems is received from a number of disparate sources.

Administrative Law Judges Case Tracking System, March 30, 2007.

Summary: This system is the single data point/record for Office of Administrative Law Judge cases. This application contains all administrative proceedings, hearings, and pre-hearing conferences that are scheduled before an Administrative Law Judge. All actions taken, including the final disposition, are entered here.

NotiFind, March 30, 2007.

Summary: NotiFind is an automated system that sends text and/or voice messages to a defined group of SEC employees and contractors. It allows the SEC to efficiently and effectively communicate vital information to selected employees and contractors during an emergency. It also allows the SEC to account for personnel after an emergency. NotiFind replaced the SEC Emergency Notification System (ENS).

Testimony Tracking System (TTS), March 26, 2007.

Summary: TTS is a mixed system with financial and non-financial components. It is a web-based, on-line electronic system that allows Division of Enforcement (ENF) staff to order and receive an electronic version of transcripts from the prime contractor. TTS also collects data about financial events, and it updates witness names and dates of testimony in the ENF Case Tracking System.

Hub System, (HUB), March 14, 2007.

Summary: The HUB is a Case Management Tool that provides the capability for case data augmentation and reporting by the SEC Division of Enforcement.

Travel Manager, February 27, 2007.

Summary: Travel Manager is the SEC’s travel management system that tracks travel related financial data, collection and reporting.

Electronic Documents (EDOCS), February 26, 2007.

Summary: Each year the SEC receives the equivalent of approximately 50 million pages of documents. Approximately 70-80% are received in electronic format with the remainder submitted as paper. The SEC Division of Enforcement (ENF) receives more than 80% of the documents as evidence through request letters and subpoenas. EDOCS allows the SEC to manage and research these electronic documents as they support the SEC regulatory mission. EDOCS provides the ability to scan, convert to text, and load electronic documents, whether received in paper or electronic form, into an organized, searchable repository.

Electronic Bluesheet System, (EBS) October 17, 2006.

Summary: The EBS issues and tracks SEC request for, and receipt of, securities transaction information from the registered broker dealer community and securities self-regulatory organizations.

USA Staffing (USAS) System, September 21, 2006.

Summary: USAS is used to collect information from applicants for Federal jobs to determine if their qualifications meet qualifications requirements for the vacancies for which they have applied.

FOIAXpress, May 2, 2006.

Summary: FOIAXpress is a COTS product which is specifically designed to track Freedom of Information Act and Privacy Act requests and to provide a full range of electronic document management capabilities.

List of Current SEC System of Record Notices

(as published in the Federal Register; please click on notice to view a pdf copy)

 

http://www.sec.gov/about/privacy/secprivacyoffice.htm


Modified: 05/14/2012