Securing your data
Safeguarding Your Personal Information
Commonwealth Financial Network®, like all broker/dealers, is responsible for ensuring compliance with federal and state regulations in a number of key areas—among them protecting investors' personal and nonpublic financial information.
To that end, Commonwealth has implemented a Written Information Security Program (WISP), which outlines specific policies and procedures for properly handling your data and safeguarding it from misuse, unauthorized access or disclosure, loss, alteration, or destruction.
This program complies with the strictest state and federal regulations currently in existence, and its goal is to create a culture in which sensitive information is willingly and enthusiastically protected. We believe that the administrative, physical, and technical safeguards that have been implemented are appropriate to the size and complexity of our operation and the nature and scope of our activities.
Compliance with federal regulations
Commonwealth's policies and procedures are in accordance with SEC Regulation S-P, which implements certain provisions of the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act and became effective on November 13, 2000. These policies and procedures address administrative, technical, and physical safeguards for protecting customer records and information and for responding to unauthorized access to or use of personal information. And, as required, they are "reasonably designed to insure the security and confidentiality of customer records/information, protect against anticipated threats to sensitive customer information, and protect against unauthorized access to or use of customer records/information."
Proactively aiming for the highest standard
In addition to complying with federal regulations, Commonwealth must adhere to individual state laws in every state where our advisors do business and where their clients reside. While the states vary in the stringency of their laws, Commonwealth, in the best interest of our advisors' clients, adopted the most rigorous standards across the breadth of our network.
Our program mandates myriad physical, technical, and administrative protections, and compliance with them is required of all advisors, advisor support staff, and Commonwealth home office employees. These measures include, but are not limited to:
- Physical safeguards. These include auto-locking doors and maintaining controlled keycard access to Commonwealth facilities, providing for the secure destruction and disposal of paper and media containing personal information, and procedures for identifying and managing visitors to Commonwealth facilities.
- Technology safeguards.In addition to the continuous monitoring of our home office systems and data centers for threats, Commonwealth policies require up-to-date antivirus and spyware protection on all computers, multiple layers of firewall protection, e-mail data encryption, encryption of laptops and portable media, data-loss prevention, secure and environmentally safe disposal of retired computer equipment, and the required, frequent resetting of strong network passwords.
- Organizational safeguards.Through ongoing training and awareness programs on security and privacy, we aim to ensure that home office employees understand the importance of and means by which they must protect customer personal information, as well as the privacy policies and standards that govern how Commonwealth handles personal information.
- Restricted access.Commonwealth authorizes access to your nonpublic personal information only to Commonwealth employees and other third parties who need that information to serve you or to assist us in conducting our operations.
- Auditing. Commonwealth performs internal home office and third-party audits of our information security program in an effort to ensure that our program remains effective and that safeguards designed to protect customer information are in place and adhered to.
An active and ongoing program
Commonwealth is firmly committed to complying with all laws and regulations designed to protect the information entrusted to us. We continue to monitor changes to data security regulations at both the federal and state levels, and we will amend our policies as necessary.