Branch office staff members must safeguard the security and confidentiality of PII from unauthorized access, alteration or destruction; protect against anticipated threats or hazards to the security or integrity of the information; protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to a customer or LPL Financial; and ensure the proper disposal of the information.
A Branch Office staff member must not disclose any PII regarding a customer to anyone other than the customer or staff members who have a legitimate business need for obtaining the information, or as contained in the policies and standards of LPL Financial.
1 Regulation S-P is a regulation promulgated by the SEC and can be found at 17 CFR Part 248. Section 248.30 of Regulation S-P requires every regulated entity to adopt policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information. See http://www.sec.gov/rules/final/34-42974.htm
Any violation of this Policy and its Standards, intentional or unintentional, must be reported immediately to the Privacy Office of LPL Financial via the Security Incident Hotline: (866) 578-7011.
This policy establishes a standard LPL Financial branch office approach to safeguarding PII by:
Requiring administrative, technical, and physical safeguards for the protection of PII.
Mandating standards and procedures that define the required administrative, technical, and physical safeguards for the protection of PII. The standards and procedures include the security safeguard requirements for:
Computer hardware and network systems used to conduct LPL Financial business
Laptops and desktops used to conduct LPL Financial business
Smartphones, tablets, and any other mobile devices used to conduct LPL Financial business
Security and virus protection software
Email communication
Secure connection and communication to the LPL Financial environment
Encryption of data
Proper disposal of information
Proper disposal of hardware
Physical office security requirements
Reporting to LPL Financial when actual or suspected unauthorized access to information occurs.
Training branch office staff on information security program requirements.
Roles and Responsibilities
It is the responsibility of the Office of Supervisory Jurisdiction (“OSJ”) to ensure that every staff member reads and adheres to the Policy and Standards and related communications. LPL Financial will evaluate the effectiveness of the BOSP annually or when there is a material change in its business practices or in the business practices of its branch offices.
OSJs are required to annually attest to the compliance of their respective branches and should have procedures in place to ensure continual compliance.
For those branches under the supervision of the LPL Financial home office, it is the responsibility of each financial advisor and staff member to read and adhere to the BOSP and related communications.
Written procedures must be maintained within the Branch Office that instruct office staff on the appropriate methods for complying with these standards. You may be asked to provide these procedures and other evidence demonstrating compliance with these standards during compliance examinations.
It is a violation of the duties required under the BOSP to disable, bypass, circumvent, or otherwise attempt to negate the information security measures of LPL Financial. Any individual found in violation of this Policy may be subject to disciplinary action, including monetary penalties, termination of affiliation with the firm, or legal action depending on the severity of the violation.
Please direct all questions and comments concerning the BOSP to the LPL Financial Privacy Office at security.mailbox@lpl.com.