Associations Comment on Data Privacy, Protection and Collection

Commentary by Steven Lofchie

In comments submitted to the U.S. Senate Banking Committee, SIFMA and the Managed Funds Association ("MFA") offered feedback on data privacy, protection and collection.

SIFMA advised Congress to:

  • ensure that any privacy regime is flexible enough to allow the use of new technology and foster innovation;

  • devise a federal data breach notification regime that preempts state laws and existing federal regulations and guidance;

  • be aware of the need to "harmonize any future privacy obligations," which may include new consumer rights, with current legal obligations for financial institutions; and

  • protect consumers' rights to "opt out of the sharing of personal financial data for third-party marketing purposes."

According to SIFMA, any federal privacy bill should make it clear that consumers cannot opt out of the sharing of personal financial information for anti-money laundering, fraud monitoring, financial crime prevention or other law enforcement purposes.

The MFA expressed concern over the SEC's ability to protect the data it requests from registered investment advisers, and urged the SEC to:

  • update policies to implement statutory requirements relating to protecting the confidential and proprietary information of registrants;

  • limit the scope of system risk filings to information that could identify risks, including cyber theft and exam requests, to data that is only necessary to ensure compliance;

  • include protections within the design of its forms and reporting systems to alleviate any cyber breaches; and

  • implement a process through which it would "exhaust less-sensitive means of understanding a firm's activities before requesting for any confidential, commercially-valuable intellectual property."

Commentary

One of the industry's most significant requests to Congress is that the government acknowledge that it is itself a material potential source of vulnerability in data protection. Put bluntly, information that is collected and stored by the government may be more accessible to hackers than the information stored by private parties. Given the vast quantity of information that may be collected by the government, a raid on the government's information could be a far larger haul than could be had by attacking almost any private party.
