On February 14, 2023, the SEC proposed significant revisions to the Privacy Act, which governs the handling of personal information within the federal government. These proposed changes aim to streamline and update the current rules, ensuring they align with existing practices and regulations. While regulations have been in place for a long time, they needed to be updated to reflect the modern way in which transactions are carried out. That is where the Privacy Act comes into play.
The Purpose of the Privacy Act: Protecting Confidential Information
The Privacy Act is the primary legislation overseeing how personal information is collected, maintained, used, and disseminated by federal agencies in their systems of records. It also provides individuals the right to access and correct inaccurate records about them. When individuals execute trades, certain personal information is collected and stored for security reasons. Now, the Privacy Act governs how that information is collected, stored, and used.
Key objectives of the proposed rewrite of the Privacy Act include:
- Introducing a process for individuals to obtain an accounting of disclosures made by the SEC.
- Codifying the current practice of allowing a 90-day period for filing an administrative appeal in response to a denial of a Privacy Act inquiry or request.
- Removing redundant and unnecessary provisions.
- Reorganizing specific provisions.
- Updating the fee provisions.
The federal government has proposed changes to many of the principles above to increase transparency regarding how people’s private information is collected and stored.
Key Changes Are Coming To The Privacy Act
A number of changes have been proposed in relation to the Privacy Act. The proposed rule changes result in a comprehensive rewrite of the existing rules. These changes include:
- Clarifying the purpose and scope of the regulation.
- Updating definitions and processes for submitting and receiving information requests and responses, along with shortening timelines.
- Streamlining the administrative appeal process.
- Establishing an online digital system.
- Updating agency contact information.
- Revising the list of rules exempt from the Privacy Act.
- Aligning fee provisions with those currently listed on the Office of FOIA Services fee page.
The updated rules will also remove certain outdated provisions, such as those related to medical record requests. In addition, they will introduce provisions for processing individuals’ requests for an accounting of specific record disclosures about themselves, including the date, nature, and purpose of each disclosure made by the SEC to other parties, organizations, or agencies. Lastly, the proposed changes will establish a 90-day time period for requesters to file an administrative appeal, consistent with FOIA rules. The goal is to streamline the information collection and storage process while providing individuals with a greater degree of control regarding how their information is collected and stored.