17 CFR § 200.301 - Purpose and scope.
(a) The Privacy Act of 1974, Pub. L. 93-579, 88 Stat. 1896, is based, in part, on the finding by Congress that “in order to protect the privacy of individuals identified in information systems maintained by Federal agencies, it is necessary and proper for the Congress to regulate the collection, maintenance, use, and dissemination of information by such agencies.” To achieve this objective the Act, among other things, provides, with some exceptions, that Federal agencies shall advise an individual upon request whether records maintained by the agency in a system of records pertain to the individual and shall grant the individual access to such records. The Act further provides that individuals may request amendments or corrections to records pertaining to them that are maintained by the agency, and that the agency shall either grant the requested amendments or set forth fully its reasons for refusing to do so.
(b) The Securities and Exchange Commission, pursuant to subsection (f) of the Privacy Act, adopts the following rules and procedures to implement the provisions of the Act summarized above, and other provisions of the Act. These rules and procedures are applicable to all requests for information, access or amendment to records pertaining to an individual that are contained in any system of records that is maintained by the Commission.