Introduction

As a registered investment adviser, TruNorth Capital Management, LLC (TruNorth) complies with SEC Regulation S-P, which requires registered advisers to adopt policies and procedures to protect the "nonpublic personal information" if its clients and to disclose to such persons policies and procedures for protecting that information. Nonpublic personal information includes nonpublic "personally identifiable financial information" plus any list, description or grouping of clients that is derived from nonpublic personally identifiable financial information. Such information may include personal financial and account information, information relating to services performed for or transactions entered into on behalf of clients, advice provided by TruNorth to clients, and data or analyses derived from such nonpublic personal information. In addition, the obligation for investment advisors such as TruNorth to maintain the absolute privacy of their clients and their clients’ information is addressed in the Gramm-Leach-Bliley Act Privacy Safeguards Rule, 16 CFR Part 314. In November 1999, Congress passed landmark legislation repealing Depression-era restrictions on cross-ownership between banks, insurance companies, and broker-dealers. Included in the Gramm-Leach-Bliley Act (the GLBA) was a separate chapter restricting the sharing of consumer information collected by financial institutions with third-party companies or vendors. Nearly all companies involved in the financial services industry are subject to the federal regulations, and many will be subject to future state privacy statutes and regulations. Federal privacy regulations issued pursuant to Title V of the GLBA became effective November 13, 2000, and require financial institutions to create a comprehensive privacy policy and send privacy notices annually to customers. 

 

Overview

The GLBA requires "financial institutions" to protect the privacy of most information they obtain from individuals who use their products and services. The term "financial institution" is defined broadly. It includes investment advisers, broker-dealers, investment companies, and insurance agents and brokers. Generally speaking, under the rules, TruNorth must:

Create a privacy program;

Provide privacy policy notices to their clients and prospective clients;

Provide clients and prospective clients with the ability to opt out from the disclosure of information to nonaffiliated third parties (with certain key exceptions);

Maintain appropriate additional records of the company’s privacy policy and related client communications for purposes of Securities and Exchange Commission (SEC) and state recordkeeping rules (if a registered investment adviser); and

Be prepared to deliver annually thereafter (not merely offer, as is permitted in the case of Part II of Form ADV) to clients the privacy policy and opt-out procedures. 

 

Non-Disclosure of Client Information

TruNorth maintains safeguards to comply with federal and state standards to guard each client's nonpublic personal information. The term "nonpublic personal information" means personally identifiable financial information and any list, description or other grouping of consumers that is derived using any personally identifiable financial information that is not publicly available. The term is broadly defined to include any information a consumer provides to a financial institution that is not publicly available including public information that is derived from nonpublic personal information. Consequently, the term includes client lists and even the mere fact that someone is a client. TruNorth does not share any nonpublic personal information with any nonaffiliated third parties, except in the following circumstances:

As necessary to provide the service that the client has requested or authorized, or to maintain and service the client's account. For example, TruNorth discloses nonpublic information to custodians, namely Charles Schwab & Co., Inc., as is necessary to carry out the terms of the Discretionary Investment Management Services Agreement with our clients.

 

As required by regulatory authorities or law enforcement officials who have jurisdiction over TruNorth; or

As otherwise required by any applicable law, and to the extent reasonably necessary to prevent fraud and unauthorized transactions.

 

Although not disclosed by us, certain information may be accessible to certain software and cloud-based hosting providers we use to operate our business. TruNorth constantly monitors the safety and security procedures of these providers to ensure your information is protected. Employees are prohibited, either during or after termination of their employment, from disclosing nonpublic personal information to any person or entity outside TruNorth including family members, except under the circumstances described above. An employee is permitted to disclose nonpublic personal information only to such other employees who need to have access to such information to deliver our services to the client.

 

Identity Verification

“Phishing” is the illegal attempt to trick someone into providing personal, confidential or financial information, including account numbers, passwords and Social Security numbers. To ensure the privacy of our clients is not comprised, TruNorth will confirm the identity of any individuals requesting clients’ confidential information if identity of the individual requesting the information is not certain. 

 

Training

Trainings related to protection of clients confidential information will be conducted no less than annually each employee will sign a statement indicating that they participated in the training, have read and understand the company’s privacy policy, and appreciate the importance of keeping clients’ confidential information secure and the consequences of failing to do so.

 

Security of Client Information

TruNorth restricts access to nonpublic personal information to those employees who need to know such information to provide services to its clients. Any employee who is authorized to have access to nonpublic personal information is required to keep such information in a secure compartment or receptacle on a daily basis as of the close of business each day. All electronic or computer files containing such information are password secured and firewall protected from access by unauthorized persons. Any conversations involving nonpublic personal information, if appropriate at all, must be conducted by employees in private, and care must be taken to avoid any unauthorized persons overhearing or intercepting such conversations. 

 

Initial Privacy Notices

TruNorth must provide initial privacy notices in two situations:

When a “customer relationship” is established, initial notice must be given no later than the time the investment adviser establishes a "customer relationship" with an individual. The term "customer relationship" is defined to mean a continuing relationship. A customer relationship exists when an individual enters into an advisory contract or when a securities transaction is effected. Initial notice may be given at the same time an investment adviser is required to give other notices, such as the required notice of credit terms in margin transactions, or the written disclosure statement (brochure) that an investment adviser must provide a client with no later than the time of entering into an advisory contract with the client (requiring delivery of the brochure (i) not less than 48 hours before entering into an investment advisory contract with the client or (ii) at the time of entering into the contract as long as the client has at least 5 business days to cancel the contract without penalty). There are several situations in which initial notice may be delayed even after a customer relationship is established. Those situations include instances where the consumer's transaction would otherwise be delayed and the consumer agrees to receive the notice at a later time as well as when a nonaffiliated investment adviser or broker-dealer purchases fund shares or establishes a brokerage account on behalf of a customer.

Even if no customer relationship is established, initial notice must be given if TruNorth obtains nonpublic personal information from a "consumer" and plans to disclose the information to a nonaffiliated third party. The term "consumer" is defined to mean an individual who has obtained a financial product or service from an investment adviser or if that product or service is to be used primarily for personal, family or household purposes. For example, an individual who provides nonpublic personal information to obtain investment advisory services is considered to be a "consumer," even if no ongoing advisory is established. But an individual who provides his or her name, address, and areas of investment interest solely as part of a request for an investment adviser brochure or a prospectus would not be considered to be a "consumer". 

 

Annual Privacy Notices

Privacy notices must be provided to clients annually until the customer relationship is terminated (for example, when an investment advisory relationship is terminated). "Annually" means at least once in any period of 12 consecutive months during which the relationship exists.

 

Revised Privacy Notices

If an existing client obtains a new financial product or service, TruNorth does not need to send an additional privacy notice as long as the most recent notice is accurate with respect to that product or service. If there have been significant changes since the last notice was given (for example, a planned disclosure of nonpublic personal information to a new category of nonaffiliated third party), TruNorth must provide a revised notice.