Subpart H — Regulations Pertaining to the Privacy of Individuals and Systems of Records Maintained by the Commission
Source:
40 FR 44068, Sept. 24, 1975, unless otherwise noted.
200.301 — Purpose and scope.
(a) This subpart contains the rules of the Securities and Exchange
Commission implementing the Privacy Act of 1974, as amended (Pub. L. 93–579, 5 U.S.C. 552a).
These rules are applicable to all records in systems of records maintained by the
Commission. They set forth the procedures by which individuals may make an inquiry regarding
or request access to records about themselves, request an amendment or correction of those
records, and request an accounting of disclosures of those records by the Commission.
(b) This subpart also lists the Commission systems of records that are
exempt from some of the provisions of the Privacy Act of 1974. These exemptions are
authorized under the Privacy Act, 5 U.S.C. 552a(j) and (k).
[88 FR 65807, Sept. 26, 2023]
200.302 — Definitions.
In addition to the definitions contained in 5 U.S.C. 552a(a), the
following definitions apply in this subpart:
Commission means the Securities and Exchange Commission.
Inquiry means a request described in Privacy Act section
(f)(1).
Privacy Act means the Privacy Act of 1974, as amended (5 U.S.C. 552a).
Request for access to a record means a request made under Privacy Act section
(d)(1).
Request for amendment or correction of a record means a request made under Privacy
Act section (d)(2).
Request for an accounting means a request made under Privacy Act section (c)(3).
Requester means an individual who makes an inquiry, a request for access, a request
for amendment or correction, or a request for an accounting.
[88 FR 65807, Sept. 26, 2023]
200.303 — Procedures for making inquiries and requests for access.
Requesters seeking to know if a specific system of records maintained by
the Commission contains a record pertaining to them may submit an inquiry to the Commission.
Requesters may also request access to records pertaining to them in a system of records
maintained by the Commission.
(a) How to make an inquiry or request for access. An inquiry or
request for access must be in writing and may be submitted by email (foiapa@sec.gov)
or online at the Commission's website at
https://www.sec.gov/forms/request_public_docs. A requester may alternatively
submit an inquiry or request for access by mail to the Securities and Exchange Commission,
Office of FOIA Services, 100 F Street NE, Washington, DC 20549 or other mailing address or
facsimile number published on the Commission's website at
https://www.sec.gov/oso/help/foia-contact.html. Inquiries and requests for
access that are submitted by mail should include the words “PRIVACY ACT REQUEST” in capital
letters at the top of the letter and on the face of the envelope.
(b) Information to be included in an inquiry or request for access.
Each inquiry or request for access must include information that will assist the Commission
in identifying those records the requester is seeking information about or access to. The
following information, as relevant, should be submitted with the request: name of the
individual whose record is sought; identifying data that will help locate the record
(e.g., maiden name and period or place of employment); and the requester's name,
address, telephone number, and email address. Where practicable, the requester should
identify the system of records that is the subject of the inquiry or request for access by
reference to the Commission's systems of records notices, which are published in the Federal Register. The Commission's systems of records notices can
also be found on the Commission's website at
https://www.sec.gov/oit/system-records-notices. If additional information is
required before a request can be processed, the requester will be so advised.
(c) Verification of identity. A requester making an inquiry or requesting access to
a record must verify his or her identity before information is given or access is granted
unless the information is required to be disclosed under the Freedom of Information Act
(FOIA), 5 U.S.C. 552.
(1) In-person verification. A requester may appear at any of the Commission offices,
which are listed on the Commission's website at https://www.sec.gov/divisions.shtml,
and furnish documentation to establish his or her identity. Such documentation might include
a valid driver's license, passport, birth certificate, employee or military identification
card, or Medicare card. Sufficiency of the documentation in verifying identity will be
determined by the Commission staff member reviewing such documentation.
(2) Not in-person verification. A requester who does not appear in person must
verify his or her identity using one of the following methods:
(i) A requester may use electronic identity proofing and authentication processes as made
available through the Commission's website; or
(ii) A requester may submit a copy of documentation to establish the requester's identity
(examples of such documentation are noted in paragraph (c)(1) of this section).
(3) Submission of signed statement. For all verification methods, a requester must
also submit a statement attesting to the requester's identity and a statement that the
requester understands that a knowing and willful request for or acquisition of a record
pertaining to an individual under false pretenses is a criminal offense subject to a $5,000
fine. Sample statements and the requirements for completing them are available through the
Commission's website.
(4) Additional procedures for verifying identity. When it appears appropriate, the
Commission's Office of FOIA Services may make such other arrangements for the verification
of identity as are reasonable under the circumstances and appear to be effective to prevent
unauthorized disclosure of, or access to, individual records.
[40 FR 44068, Sept. 24, 1975, as amended at 41 FR 44698, Oct. 12, 1976; 47
FR 26819, June 22, 1982; 52 FR 2677, Jan. 26, 1987; 54 FR 40862, Oct. 4, 1989; 54 FR
50307, Dec. 5, 1989; 59 FR 5945, Feb. 9, 1994; 59 FR 12543, Mar. 17, 1994; 65 FR 55185,
55186, Sept. 13, 2000; 73 FR 32225, June 5, 2008; 88 FR 65807, Sept. 26, 2023]
200.304 — Disclosure of requested records.
(a) Initial review. Inquiries and requests for access will be
referred to the Commission's Office of FOIA Services which will make the initial
determination as to whether the inquiry or request for access will be granted.
(b) Grant of inquiry or request for access. If it is determined that an inquiry or
request for access will be granted, the requester will be advised in writing. When a request
for access is granted, in full or in part, a requester may elect to receive a copy of the
requested record electronically, by mail, or in person, and the Office of FOIA Services will
comply with that election to the extent practicable.
(c) Denial of an inquiry or request for access. If it is determined that no response
will be given to an inquiry or that a request for access will not be granted, the requester
will be notified of that fact in writing and given the reasons for the denial. The requester
also will be advised of his or her right to seek review by the Office of the General Counsel
of the initial decision in accordance with the procedures set forth in § 200.308.
(d) Time for acting on inquiries and requests for access —(1)
Responses to inquiries. The Office of FOIA Services will endeavor to inform a
requester making an inquiry as to whether the named system of records contains a record
pertaining to him or her within 10 days (excluding Saturdays, Sundays, and Federal holidays)
of receipt of such a request. Whenever a response to an inquiry cannot be made within the 10
days, the Office of FOIA Services will inform the requester of the reasons for the delay and
the date by which a response may be anticipated.
(2) Acknowledgement of and responses to requests for access. (i) Except where the
requester appears in person, the Office of FOIA Services will endeavor to acknowledge, in
writing, receipt of a request for access within 10 days (excluding Saturdays, Sundays, and
Federal holidays) of receipt of such a request.
(ii) The Office of FOIA Services will endeavor to respond to a request for access to a
record pertaining to a requester within 30 days (excluding Saturdays, Sundays, and Federal
holidays) after the receipt of the request. If, for good cause shown, a longer period of
time is required, the Office of FOIA Services will inform the requester in writing of the
reasons for the delay, and indicate when access is expected to be granted or denied.
(3) Appearance in person. When a requester appears in person at the Commission to
make a request for access and the requester provides the required information and
verification of identity, the Office of FOIA Services' staff, if practicable, will indicate
whether it is likely that the requester will be given access to the records and, if so, when
and under what circumstances such access will be given.
(e) Exclusion for certain records. Nothing contained in these rules allows a
requester to obtain access to any records or information compiled in reasonable anticipation
of a civil action or proceeding.
[40 FR 44068, Sept. 24, 1975, as amended at 49 FR 13866, Apr. 9, 1984; 76
FR 71874, Nov. 21, 2011; 88 FR 65807, Sept. 26, 2023]
200.305 — Requests for amendment or correction of records.
(a) How to a make request for amendment or correction. A written request for
amendment or correction of records may be submitted by email (foiapa@sec.gov) or
online at the Commission's website at
https://www.sec.gov/forms/request_public_docs. A requester may alternatively
submit a request for amendment or correction by mail to the Securities and Exchange
Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549 or other mailing
address or facsimile number published on the Commission's website at
https://www.sec.gov/oso/help/foia-contact.html. Requests that are submitted by
mail should include the words “PRIVACY ACT REQUEST” in capital letters at the top of the
letter and on the face of the envelope.
(1) Information to be included in requests for amendment or correction. Each request
for amendment or correction must reasonably describe the record sought to be amended or
corrected. Such description should include, for example, relevant names, dates, and subject
matter to permit the record to be located among the records maintained by the Commission.
The requester will be advised promptly if the record cannot be located on the basis of the
description given and if further identifying information is necessary before the request can
be processed. Verification of the requester's identity as set forth in § 200.303(c) will
also be required before an amendment or correction is undertaken.
(2) Basis for amendment or correction. A requester seeking an amendment or
correction to a record must specify the substance of the amendment or correction and set
forth facts and provide such materials that would support the contention that the record as
maintained by the Commission is not accurate, timely, or complete or, where a request seeks
deletion of information, that the record is not necessary and relevant to accomplish a
statutory purpose of the Commission as authorized by law or by Executive Order of the
President.
(b) Acknowledgement of requests for amendment or correction. Receipt of a request
for amendment or correction will be acknowledged in writing within 10 days (excluding
Saturdays, Sundays, and Federal holidays) after such request has been received. When a
request for amendment or correction is made in person, the requester will be given a written
acknowledgement when the request is presented. The acknowledgement will describe the request
received and indicate when it is anticipated that action will be taken on the request.
[88 FR 65807, Sept. 26, 2023]
200.306 — Review of requests for amendment or correction.
(a) Initial review. Requests for amendment or correction to records
pertaining to that individual will be referred to the Commission's Office of FOIA Services
for an initial determination.
(b) Time for acting on requests. Initial review of a request for
amendment or correction will be completed promptly and the Office of FOIA Services will
endeavor to respond to a request within 30 days (excluding Saturdays, Sundays, and Federal
holidays) from the date the request was received, unless circumstances preclude completion
of review within that time. If the anticipated completion date indicated in the
acknowledgement cannot be met, the requester will be advised in writing of the delay and the
reasons for the delay, and also advised when action is expected to be completed.
(c) Grant of requests for amendment or correction. If a request for
amendment or correction is granted in whole or in part, the Office of FOIA Services
will:
(1) Advise the requester in writing of the extent to which it has been
granted;
(2) Amend or correct the record accordingly; and
(3) Where an accounting of disclosures of the record has been kept pursuant to 5 U.S.C.
552a(c), advise all previous recipients of the record of the fact that the record has been
amended or corrected and the substance of the amendment or correction.
(d) Denial of requests for amendment or correction. If the request for amendment or
correction is denied in whole or in part, the Office of FOIA Services will:
(1) Promptly advise the requester in writing of the extent to which the request has been
denied;
(2) State the reasons for the denial of the request;
(3) Describe the procedures to appeal the denial of the request for amendment or
correction, including the name and address of the person to whom the appeal is to be
addressed; and
(4) Inform the requester that the Office of FOIA Services will provide information and
assistance to the individual in perfecting an appeal of the initial decision.
[40 FR 44068, Sept. 24, 1975, as amended at 47 FR 26819, June 22, 1982; 65
FR 55186, Sept. 13, 2000; 88 FR 65807, Sept. 26, 2023]
200.307 — Requests for an accounting of record disclosures.
(a) How made and addressed. Except where accountings of disclosures
are not required to be kept or provided (as stated in paragraph (e) of this section),
requesters may ask the Commission to provide an accounting of a disclosure of a record about
the requester that the Commission has made to another person, organization, or agency. The
request for an accounting should identify each particular record in question and must be
made in writing. The request may be submitted by email (foiapa@sec.gov) or online at
the Commission's website at https://www.sec.gov/forms/request_public_docs. A
requester may alternatively submit a request for an accounting by mail to the Securities and
Exchange Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549 or other
mailing address or facsimile number published on the Commission's website at
https://www.sec.gov/oso/help/foia-contact.html. Requests for accounting that are
submitted by mail should include the words “PRIVACY ACT REQUEST” in capital letters at the
top of the letter and on the face of the envelope.
(b) Verification of identity. Verification of the requester's
identity as set forth in section 202.303(c) will be required before an accounting is
given.
(c) Acknowledgement of requests for an accounting of record
disclosures. The Office of FOIA Services will endeavor to acknowledge, in writing,
receipt of a request for an accounting of record disclosures within 10 days of receipt of
such a request (excluding Saturdays, Sundays, and Federal holidays). When a request for an
accounting of record disclosures is made in person, the requester will be given a written
acknowledgement when the request is presented. The acknowledgement will describe the request
received and indicate when it is anticipated that action will be taken on the request.
(d) Time for acting on requests. The Office of FOIA Services will
endeavor to respond to a request for an accounting of record disclosures within 30 days
(excluding Saturdays, Sundays, and Federal holidays) from the date the request was received,
unless the requester is notified in writing within the 30-day period that, for good cause
shown, a longer period of time is required. In such cases, the requester will be informed in
writing of the reasons for the delay and an indication will be given as to when it is
anticipated that an accounting may be granted or denied.
(e) Grant of request of accounting. If it is determined that a
request for an accounting will be granted, the requester will be advised in writing. When a
request for access is granted, in full or in part, the information will be provided
electronically, by mail, or in person at the requester’s election.
(f) Denial of a request for accounting. If it is determined that
the request will not be granted, the requester will be notified of that fact in writing and
given the reasons for the denial. The requester also will be advised of his or her right to
seek review by the Office of the General Counsel of the initial decision in accordance with
the procedures set forth in § 200.308.
(g) Where accountings of record disclosures are not required. The
Commission is not required to provide accountings of disclosures to requesters where they
relate to:
(1) Disclosures made to officers and employees within the Commission and
disclosures made under the FOIA, 5 U.S.C. 552;
(2) Disclosures made to law enforcement agencies for authorized law
enforcement activities in response to written requests from those law enforcement agencies
specifying the law enforcement activities for which disclosures are sought; or
(3) Disclosures made from law enforcement systems of records that have been exempted from
accounting requirements.
[40 FR 44068, Sept. 24, 1975, as amended at 49 FR 13866, Apr. 9, 1984; 76
FR 71874, Nov. 21, 2011; 88 FR 65807, Sept. 26, 2023]
200.308 — Administrative appeals.
(a) Administrative review. A requester who has been notified
pursuant to § 200.304(c), § 200.306(d), or § 200.307(d) that his or her inquiry or request
has been denied in whole or in part, or who has received no response to a request for access
or to amend within 30 days (excluding Saturdays, Sundays, and Federal holidays) after his or
her request was received by the Office of the FOIA Services, may appeal to the Office of the
General Counsel the adverse determination.
(1) Appeals must be received within 90 calendar days of the date of the
written denial of an inquiry or request and must be received no later than 11:59 p.m.,
eastern time, on the 90th day.
(2) The appeal should be in writing and should provide the assigned
request number, a copy of the original request, and the adverse determination. The appeal
should also explain why the requester contends any adverse determination was in error. The
requester may state such facts and cite such legal or other authorities as the requester may
consider appropriate in support of the appeal. If only a portion of the adverse
determination is appealed, the requester should specify which part is being appealed.
(3) The appeal may be submitted by email (foiapa@sec.gov) or online
at the Commission's website at https://www.sec.gov/forms/request_public_docs. A
requester may alternatively submit an appeal by mail to the Securities and Exchange
Commission, Office of FOIA Services, 100 F Street NE, Washington, DC 20549 or other mailing
address or facsimile number published on the Commission's website at
https://www.sec.gov/oso/help/foia-contact.html.
(4) The Office of the General Counsel will endeavor to make a
determination with respect to an appeal within 30 days after the receipt of such appeal
(excluding Saturdays, Sundays, and Federal holidays) unless, for good cause shown, the
Office of the General Counsel extends that period. If such an extension is made, the
individual who is appealing will be advised in writing of the extension, the reasons
therefor, and the anticipated date when the appeal will be decided.
(5) If the Office of the General Counsel concludes that an inquiry or
request for access, amendment or correction, or an accounting should be granted, it will
issue a decision granting the inquiry or request and instructing the Office of FOIA Services
to comply with § 200.304(b), § 200.306(c), or § 200.307(c), as applicable.
(6) If the Office of the General Counsel affirms the initial decision
denying an inquiry or request for access or an accounting, it will issue a decision denying
the inquiry or request and advising the requester of:
(i) The reasons for the denial; and
(ii) The requester's right to obtain judicial review of the decision
pursuant to 5 U.S.C. 552a(g)(1)(B) or (g)(1)(D), as applicable.
(7) If the Office of the General Counsel determines that the decision of
the Office of FOIA Services denying a request for amendment or correction should be upheld,
it will issue a decision denying the request and the individual will be advised of:
(i) The decision refusing to amend or correct the record and the reasons
therefor;
(ii) The requester's right to file a concise statement setting forth his
or her disagreement with the decision not to amend or correct the record;
(iii) The procedures for filing such a statement of disagreement;
(iv) The fact that any such statement of disagreement will be made
available to anyone to whom the record is disclosed, together with, if the Office of the
General Counsel deems it appropriate, a brief statement setting forth the Office of the
General Counsel's reasons for refusing to amend or correct;
(v) The fact that prior recipients of the record in issue will be provided
with the statement of disagreement and the Office of the General Counsel's statement, if
any, to the extent that an accounting of such disclosures has been maintained pursuant to 5
U.S.C. 552a(c); and
(vi) The requester's right to seek judicial review of the Office of the General Counsel's
refusal to amend or correct, pursuant to 5 U.S.C. 552a(g)(1)(A).
(8) In appropriate cases the Office of the General Counsel may, in its sole discretion,
refer matters requiring administrative review of initial decisions to the Commission for
determination and the issuance, where indicated, of decisions.
(b) Statements of disagreement. As noted in paragraph (a)(6)(ii) of this section, a
requester may file a statement setting forth his or her disagreement with the Office of the
General Counsel's denial of the request for amendment or correction.
(1) Such statement of disagreement may be submitted by email
(foiapa@sec.gov) or online at the Commission's website at
https://www.sec.gov/forms/request_public_docs. A requester who is not able to
submit a statement of disagreement by email or online may submit a request by mail to the
Securities and Exchange Commission, Office of FOIA Services, 100 F Street NE, Washington, DC
20549 or other mailing address or facsimile number published on the Commission's website at
https://www.sec.gov/oso/help/foia-contact.html. A requester must submit a
statement of disagreement within 30 days after receipt of the Office of the General
Counsel's decision denying the request for amendment or correction. For good cause shown
this period can be extended for a reasonable time.
(2) Statements of disagreement should be concise and must clearly identify each part of any
record that is disputed and state the basis for the requester's disagreement. The Office of
the General Counsel will return unduly lengthy or irrelevant materials to the individual for
appropriate revisions before they become a permanent part of the requester's record.
Statements of disagreement will be placed in the system of records in which the disputed
record is maintained. The disputed record will be marked to indicate that a statement of
disagreement has been filed and where in the system of records it may be found.
(3) If a requester has filed a statement of disagreement, the Office of FOIA Services will
append a copy of it to the disputed record whenever the record is disclosed and may also
append a concise statement of its reason(s) for denying the request for amendment or
correction.
(4) In appropriate cases, the Office of the General Counsel may, in its sole discretion,
refer matters concerning statements of disagreement to the Commission for disposition.
[40 FR 44068, Sept. 24, 1975, as amended at 42 FR 40190, Aug. 9, 1977; 47
FR 26819, June 22, 1982; 49 FR 13866, Apr. 9, 1984; 65 FR 55186, Sept. 13, 2000; 76 FR
71874, Nov. 21, 2011; 88 FR 65807, Sept. 26, 2023]
200.309 — Fees.
(a) The only fee to be charged to a requester under this part is for the
duplication of records to be disclosed to the requester. No fee will be charged or collected
for: search, retrieval, or review of records; or duplication at the initiative of the
Commission without a request from the requester. Fees for duplication will be charged at
rates set forth on the FOIA web page of the Commission's website at www.sec.gov. Fees
for duplication include any costs incurred in making records available on electronic storage
devices.
(b) With regard to requests for amendment or correction, the Commission will provide the
requester one copy of each record corrected or amended pursuant to his or her request
without charge as evidence of the correction or amendment.
(c) Whenever the Office of FOIA Services determines that good cause exists to grant a
request for reduction or waiver of fees for duplication costs, it may reduce or waive any
such fees.
[40 FR 44068, Sept. 24, 1975, as amended at 49 FR 13867, Apr. 9, 1984; 59
FR 5945, Feb. 9, 1994; 73 FR 32226, June 5, 2008; 88 FR 65807, Sept. 26, 2023]
200.310 — Specific exemptions.
(a) Pursuant to, and limited by 5 U.S.C. 552a(k)(2), the following systems of records
maintained by the Commission are exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G),
(e)(4)(H), and (e)(4)(I), and (f), and §§ 200.303, 200.305, and 200.307, insofar as they
contain investigatory materials compiled for law enforcement purposes:
(1) Enforcement Files;
(2) Office of the General Counsel Working Files;
(3) Office of the Chief Accountant Working Files;
(4) Correspondence Response System;
(5) Tips, Complaints, and Referrals (TCR) Records; and
(6) SEC Security in the Workplace Incident Records.
(b) Pursuant to 5 U.S.C. 552a(k)(5), the systems of records containing the Commission's
Disciplinary and Adverse Actions, Employee Conduct, and Labor Relations Files are exempt
from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and (f), and
§§ 200.303 through 200.309, insofar as they contain investigatory material compiled to
determine an individual's suitability, eligibility, and qualifications for Federal civilian
employment or access to classified information, but only to the extent that the disclosure
of such material would reveal the identity of a source who furnished information to the
Government under an express promise that the identity of the source would be held in
confidence, or, prior to September 27, 1975, under an implied promise that the identity of
the source would be held in confidence.
[42 FR 56727, Oct. 28, 1977, as amended at 47 FR 26819, June 22, 1982; 49
FR 12686, Mar. 30, 1984; 50 FR 50287, Dec. 10, 1985; 65 FR 55186, Sept. 13, 2000; 88 FR
65807, Sept. 26, 2023]
200.311 — Inspector General exemptions.
(a) Pursuant to, and limited by 5 U.S.C. 552a(j)(2), the system of records maintained by
the Office of Inspector General of the Commission that contains investigative files is
exempt from the provisions of 5 U.S.C. 552a, except sections (b), (c)(1) and (2), (e)(4)(A)
through (F), (e)(6), (e)(7), (e)(9), (e)(10), and (e)(11), and (i), and §§ 200.303 through
200.309, insofar as the system contains information pertaining to criminal law enforcement
investigations.
(b) Pursuant to, and limited by 5 U.S.C. 552a(k)(2), the system of records maintained by
the Office of Inspector General of the Commission that contains investigative files is
exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I), and (f) and
§§ 200.303 through 200.309, insofar as it contains investigatory materials compiled for law
enforcement purposes.
[55 FR 19872, May 14, 1990; 88 FR 65807, Sept. 26, 2023]
200.312 — [Reserved]
[88 FR 65807, Sept. 26, 2023]