Information Security and Privacy Regulations
Chapters in this video
- 0:00 Reg S-P, GLBA, and what counts as NPI
- 1:32 Initial privacy notice at account opening
- 2:46 Annual notice and the two-condition waiver
- 3:30 Opt-out notice for nonaffiliated third parties
- 4:01 Reg S-P vs. Reg S-AM affiliate marketing trap
- 5:21 Four exceptions and the service provider contract
- 6:18 Safeguards Rule with Sam the Supervisor
- 7:02 Rapid-fire exam recap
What this video covers
- What nonpublic personal information (NPI) actually covers under Regulation S-P, and why public records like a customer's name fall outside the rule
- When the initial privacy notice must be delivered (at account opening, not during prospecting), and the four categories it must describe
- The two conditions that must BOTH be met for the annual privacy notice requirement to be waived
- Opt-out notice mechanics for sharing NPI with nonaffiliated third parties, including the clear and conspicuous standard
- The Reg S-P vs. Regulation S-AM distinction: S-P stops outsiders from getting data, S-AM stops affiliates from using shared data to market to the customer
- The four exceptions that allow sharing NPI without opt-out (service providers, joint marketing, processing transactions, legal/regulatory), and the written-contract trap on the service provider exception
- The Safeguards Rule under GLBA: written policies, protecting against unauthorized access, and guarding against anticipated threats
Read the full lesson, free
This video's complete written lesson is free to read in the CertFuel app, no signup wall. When you're ready to drill the topic, the full Series 7 course adds adaptive practice questions and spaced-repetition flashcards.