Last month, the U.S. Securities and Exchange Commission (“SEC”) proposed revisions to its regulations under the Privacy Act of 1974, 5 U.S.C. § 552a. The Privacy Act is a federal statute governing the collection and use of personal information by federal agencies. The statute gives individuals a right to access records about themselves and to have inaccurate records corrected. (The SEC processes roughly 100–300 requests per year under the Privacy Act.). If adopted, the proposal would be the first revision to the SEC’s Privacy Act regulations since 2011.
The SEC’s proposed regulations would do four main things: (1) streamline the procedure for filing a request, including by allowing electronic identity verification; (2) codify existing practices regarding fees for copying of records; (3) eliminate duplicative provisions; and (4) add provisions supplementing information provided about disclosures of personal information and formally implement the 90-day deadline for filing any administrative appeal. “Due to the scope of the revisions, the proposed rule would replace the Commission’s current Privacy Act regulations in their entirety.”
Comments on the proposal are due on April 17, 2023. Privacy World will be here to keep you in the loop on any developments.