As a registered investment adviser, Zephyr must comply with SEC Regulation S-P, which requires registered advisers to adopt policies and procedures to protect the "nonpublic personal information" of natural person consumers and customers and to disclose to such persons policies and procedures for protecting that information.1 Under SEC Regulation S-P, Zephyr must ensure that it develops appropriate safeguards for any record containing nonpublic personal information in order to ensure that such information is (1) kept secure and confidential, (2) protected against reasonably anticipated threats to its security or integrity, and (3) protected against unauthorized access or use that might result in substantial harm or inconvenience to its clients. Additionally, when disposing of consumer report information, Zephyr will take reasonable steps to protect the confidentiality of the records following such disposal and to guard against unintended or unauthorized disposals.
Nonpublic personal information includes nonpublic "personally identifiable financial information" plus any list, description, or grouping of customers that is derived from nonpublic personally identifiable financial information. Such information may include personal financial and account information, information relating to services performed for or transactions entered into on behalf of clients, advice provided by Zephyr to clients, and data or analyses that include such nonpublic personally identifiable information.
Non-Disclosure of client information
Zephyr does not share any nonpublic personal information with any non-affiliated third parties, except in the following circumstances:
Employees are prohibited, either during or after termination of their employment, from disclosing nonpublic personal information to any person or entity outside Zephyr, including family members, except under the circumstances described above. An employee is permitted to disclose nonpublic personal information only to such other employees who need to have access to such information to deliver our services to the client.
Security and disposal of client information
Any employee who is authorized to have access to nonpublic personal information is required to take reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. All electronic or computer files containing such information must be password secured and firewall protected from access by unauthorized persons. Any conversations involving nonpublic personal information, if appropriate at all, must be conducted by employees in private, and care must be taken to avoid any unauthorized persons overhearing or intercepting such conversations.
Zephyr will provide a clear and conspicuous initial notice that accurately reflects their privacy policies and practices to consumers no later than the time a customer relationship is established and subsequent notices at least once in any period of twelve consecutive months during which the customer relationship exists. If Zephyr adopts material changes to its privacy policies, we will provide each such client with a revised notice reflecting the new privacy policies. Additionally, Zephyr will make their privacy notice available to customers upon request, and a copy of the privacy notice will be conspicuously posted on any website belonging to Zephyr. The Chief Compliance Officer is responsible
for ensuring that required notices are distributed to Zephyr's consumers and customers.
1. See Privacy of Consumer Financial Information (Regulation S-P), Rel. No. 34-42974 (June 22, 2000).