
Safeguarding and Disposal of Client Information



McCurdy & Andrew Investments, LLC. restricts access to NPI to those employees who need to know such information to provide services to our clients.

Any employee who is authorized to have access to PI is required to keep such information in a secure compartment or receptacle annually. All electronic or computer files containing such information shall be password secured and firewall protected from access by unauthorized persons. Any conversations involving NPI, if appropriate at all, must be conducted by employees in private, and care must be taken to avoid any unauthorized persons overhearing or intercepting such conversations.

Safeguarding standards encompass all aspects of McCurdy & Andrew Investments, LLC. that affect security. This includes not just computer security standards but also such areas as physical security and personnel procedures. Examples of important safeguarding standards that McCurdy & Andrew Investments, LLC. may adopt include:

  • access controls on customer information systems, including controls to authenticate and permit access only to authorized individuals and controls to prevent employees from providing customer information to unauthorized individuals who may seek to obtain this information through fraudulent means (e.g., requiring employee use of user ID numbers and passwords);
  • access restrictions at physical locations containing customer information, such as buildings, computer facilities, and records storage facilities to permit access only to authorized individuals (e.g., intruder detection devices, use of fire and burglar resistant storage devices);
  • encryption of electronic customer information, including while in transit or in storage on networks or systems to which unauthorized individuals may have access;
  • procedures designed to ensure that customer information system modifications are consistent with the firm's information security program (e.g., independent approval and periodic audits of system modifications);
  • dual control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to customer information (e.g., require data entry to be reviewed for accuracy by personnel not involved in its preparation; adjustments and correction of master records should be reviewed and approved by personnel other than those approving routine transactions);
  • monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems (e.g., data should be auditable for detection of loss and accidental and intentional manipulation);
  • response programs that specify actions to be taken when the firm suspects or detects that unauthorized individuals have gained access to customer information systems, including appropriate reports to regulatory and law enforcement agencies;
  • measures to protect against destruction, loss, or damage of customer information due to potential environmental hazards, such as fire and water damage or technological failures (e.g., use of fire resistant storage facilities and vaults; backup and store off site key data to ensure proper recovery); and
  • information systems security should incorporate system audits and monitoring, security of physical facilities and personnel, the use of commercial or in-house services (such as networking services), and contingency planning.

Any employee who is authorized to possess "consumer report information" for a business purpose is required to take reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. There are several components to establishing 'reasonable' measures that are appropriate for the firm:

  • assessing the sensitivity of the consumer report information we collect;
  • the nature of our advisory services and the size of our operation;
  • evaluating the costs and benefits of different disposal methods; and
  • researching relevant technological changes and

Some methods of disposal to ensure that the information cannot practicably be read or reconstructed that McCurdy & Andrew Investments, LLC. may adopt include:

  • procedures requiring the burning, pulverizing, or shredding of papers containing consumer report information;
  • procedures to ensure the destruction or erasure of electronic media; and
  • after conducting due diligence, contracting with a service provider engaged in the business of record destruction, to provide such services in a manner consistent with the disposal rule.