Why does The Newport Group handle nonpublic personal information?
The Newport Group, Inc., Newport Retirement Services, Inc. and Newport Group Securities, Inc. (hereinafter collectively referred to as “Newport”) are engaged in the businesses of designing, enrolling, funding, and administering executive benefit plans and qualified retirement plans and providing fee-for-service investment consulting services. Newport Group Securities, Inc. (“NGS”) is registered as an investment adviser with the Securities and Exchange Commission as well as a securities broker-dealer with the Financial Industry Regulatory Authority. In its capacity as an investment adviser, NGS provides institutional investment consulting and fiduciary advisory services primarily to participant and trustee-directed retirement plans and their sponsors. In its capacity as broker-dealer, NGS is primarily engaged in the sale and administration of mutual funds and variable insurance products. Newport Retirement Services functions as an administrator and record keeper for qualified defined benefit and defined contribution plans. The Newport Group functions as a general agent for general account insurance products and other non-securities, and provides administrative and record keeping services for non-qualified plan clients and those of Newport Group Securities.
In the course of pursuing our stated business objectives, Newport collects, maintains, and otherwise has access to nonpublic personal information about our clients and potential clients, their employees, family members, trustees and other fiduciaries, directors, and affiliates. Newport maintains physical, procedural, and electronic safeguards to protect the privacy of every person whose nonpublic information we obtain or have access to. This Statement describes those safeguards.
What information does Newport maintain or have access to?
In order to provide administration services, Newport collects and/or has access to account balances, investment strategies employed, policy coverage amounts, shares of financial products owned, payment histories, claims information, Social Security numbers, dates of birth, and beneficiary designations and information.
For securities sales, Newport also is required to maintain information concerning sources of income, net worth, past investments and investment preferences.
In its consulting/insurance function, Newport may collect/maintain census data about employees, family members, or other affiliated individuals (e.g. directors, independent contractors) from sponsoring employers and potential sponsoring employers concerning benefits and financial product funding programs they seek to evaluate or implement and copies of forms required by the issuing insurance companies. These forms contain nonpublic information including Social Security numbers, dates of birth, personal and family medical history, employment history, compensation history, and certain personal habits. Newport may also receive information from consumer reporting agencies and other sources such as credit reports, motor vehicle and driver data, and loss history reports.
What do we do with the information?
The nonpublic personal information Newport maintains is shared with financial product providers, trustees, other fiduciaries of clients, other agents, and such other parties (e.g. third-party record keeping system providers) necessary to further the objectives of our clients and potential clients. The financial product providers are required by both federal and state law to maintain strict privacy policies. Trustees and fiduciaries are bound by law and their direct fiduciary relationship with the client to safeguard nonpublic personal information. Agents and our administration system vendors are under contract with Newport to safeguard nonpublic personal information to the same degree as if it were maintained at Newport. Newport does not provide such information to any entity other than those which need to know such information to provide the requested service(s).
How do we safeguard nonpublic personal information internally?
Newport maintains physical, electronic, and procedural safeguards to protect nonpublic personal information. Such information may be stored in either hard copy or electronic format (or both).
Certain records are stored in print and are maintained either in lockable filing cabinets located within the secure premises of Newport’s offices or, if dated, in a controlled access storage facility near Newport’s offices. Newport’s offices are locked and a security alarm system is armed at all times except during normal business hours.
Electronic Safeguards: Information is stored on a Local Area Network, accessible only by Newport employees. Access to the LAN is password protected. A firewall is maintained, preventing access through the internet. Remote access to the LAN is permitted to select Newport employees only, and is double password protected. Information submitted to Newport via Newport’s website is encrypted to protect it from interception by a third party. The Personal Identification Numbers and user sign-on protocol also ensures that the information provided remains secure.
All Newport employees have signed contracts prohibiting them from disclosing nonpublic personal information to any third party except in furtherance of client and potential client goals on a need-to-know basis. Training is conducted with all new employees stressing the importance of safeguarding nonpublic personal information. Standard Newport procedures include: (1) sharing information internally with other Newport employees only on a need-to-know basis; (2) keeping nonpublic personal information in closed files when not physically working with it; (3) logging off the LAN whenever leaving their workspace for more than one hour.