The GLBA requires "financial institutions" to protect the privacy of most information they obtain from individuals who use their products and services. The term "financial institution" is defined broadly. It includes investment advisers, broker-dealers, investment companies, and insurance agents and brokers. Generally speaking, under the rules, TruNorth must:
Create a privacy program;
Provide clients and prospective clients with the ability to opt out from the disclosure of information to nonaffiliated third parties (with certain key exceptions);
Non-Disclosure of Client Information
TruNorth maintains safeguards to comply with federal and state standards to guard each client's nonpublic personal information. The term "nonpublic personal information" means personally identifiable financial information and any list, description or other grouping of consumers that is derived using any personally identifiable financial information that is not publicly available. The term is broadly defined to include any information a consumer provides to a financial institution that is not publicly available including public information that is derived from nonpublic personal information. Consequently, the term includes client lists and even the mere fact that someone is a client. TruNorth does not share any nonpublic personal information with any nonaffiliated third parties, except in the following circumstances:
As necessary to provide the service that the client has requested or authorized, or to maintain and service the client's account. For example, TruNorth discloses nonpublic information to custodians, namely Charles Schwab & Co., Inc., as is necessary to carry out the terms of the Discretionary Investment Management Services Agreement with our clients.
As required by regulatory authorities or law enforcement officials who have jurisdiction over TruNorth; or
As otherwise required by any applicable law, and to the extent reasonably necessary to prevent fraud and unauthorized transactions.
Although not disclosed by us, certain information may be accessible to certain software and cloud-based hosting providers we use to operate our business. TruNorth constantly monitors the safety and security procedures of these providers to ensure your information is protected. Employees are prohibited, either during or after termination of their employment, from disclosing nonpublic personal information to any person or entity outside TruNorth including family members, except under the circumstances described above. An employee is permitted to disclose nonpublic personal information only to such other employees who need to have access to such information to deliver our services to the client.
“Phishing” is the illegal attempt to trick someone into providing personal, confidential or financial information, including account numbers, passwords and Social Security numbers. To ensure the privacy of our clients is not comprised, TruNorth will confirm the identity of any individuals requesting clients’ confidential information if identity of the individual requesting the information is not certain.
Security of Client Information
TruNorth restricts access to nonpublic personal information to those employees who need to know such information to provide services to its clients. Any employee who is authorized to have access to nonpublic personal information is required to keep such information in a secure compartment or receptacle on a daily basis as of the close of business each day. All electronic or computer files containing such information are password secured and firewall protected from access by unauthorized persons. Any conversations involving nonpublic personal information, if appropriate at all, must be conducted by employees in private, and care must be taken to avoid any unauthorized persons overhearing or intercepting such conversations.
Initial Privacy Notices
TruNorth must provide initial privacy notices in two situations:
When a “customer relationship” is established, initial notice must be given no later than the time the investment adviser establishes a "customer relationship" with an individual. The term "customer relationship" is defined to mean a continuing relationship. A customer relationship exists when an individual enters into an advisory contract or when a securities transaction is effected. Initial notice may be given at the same time an investment adviser is required to give other notices, such as the required notice of credit terms in margin transactions, or the written disclosure statement (brochure) that an investment adviser must provide a client with no later than the time of entering into an advisory contract with the client (requiring delivery of the brochure (i) not less than 48 hours before entering into an investment advisory contract with the client or (ii) at the time of entering into the contract as long as the client has at least 5 business days to cancel the contract without penalty). There are several situations in which initial notice may be delayed even after a customer relationship is established. Those situations include instances where the consumer's transaction would otherwise be delayed and the consumer agrees to receive the notice at a later time as well as when a nonaffiliated investment adviser or broker-dealer purchases fund shares or establishes a brokerage account on behalf of a customer.
Even if no customer relationship is established, initial notice must be given if TruNorth obtains nonpublic personal information from a "consumer" and plans to disclose the information to a nonaffiliated third party. The term "consumer" is defined to mean an individual who has obtained a financial product or service from an investment adviser or if that product or service is to be used primarily for personal, family or household purposes. For example, an individual who provides nonpublic personal information to obtain investment advisory services is considered to be a "consumer," even if no ongoing advisory is established. But an individual who provides his or her name, address, and areas of investment interest solely as part of a request for an investment adviser brochure or a prospectus would not be considered to be a "consumer".
Annual Privacy Notices
Privacy notices must be provided to clients annually until the customer relationship is terminated (for example, when an investment advisory relationship is terminated). "Annually" means at least once in any period of 12 consecutive months during which the relationship exists.
Revised Privacy Notices
If an existing client obtains a new financial product or service, TruNorth does not need to send an additional privacy notice as long as the most recent notice is accurate with respect to that product or service. If there have been significant changes since the last notice was given (for example, a planned disclosure of nonpublic personal information to a new category of nonaffiliated third party), TruNorth must provide a revised notice.