17 CFR § 240.13n-9 - Privacy requirements of security-based swap data repository.
(a)Definitions. For purposes of this section -
(2)Control (including the terms controlled by and under common control with) means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract, or otherwise. A person is presumed to control another person if the person:
(i) Is a director, general partner, or officer exercising executive responsibility (or having similar status or functions);
(ii) Directly or indirectly has the right to vote 25 percent or more of a class of voting securities or has the power to sell or direct the sale of 25 percent or more of a class of voting securities; or
(iii) In the case of a partnership, has the right to receive, upon dissolution, or has contributed, 25 percent or more of the capital.
(3)Market participant means any person participating in the security-based swap market, including, but not limited to, security-based swap dealers, major security-based swap participants, and any other counterparties to a security-based swap transaction.
(4)Nonaffiliated third party of a security-based swap data repository means any person except:
(i) The security-based swap data repository;
(iii) A person employed by a security-based swap data repository and any entity that is not the security-based swap data repository's affiliate (and nonaffiliated third party includes such entity that jointly employs the person).
(5)Nonpublic personal information means:
(i) Personally identifiable information that is not publicly available information; and
(ii) Any list, description, or other grouping of market participants (and publicly available information pertaining to them) that is derived using personally identifiable information that is not publicly available information.
(6)Personally identifiable information means any information:
(ii) About a market participant resulting from any transaction involving a service between the security-based swap data repository and the market participant; or
(iii) The security-based swap data repository obtains about a market participant in connection with providing a service to that market participant.
(7)Person associated with a security-based swap data repository means:
(i) Any partner, officer, or director of such security-based swap data repository (or any person occupying a similar status or performing similar functions);
(b) Each security-based swap data repository shall:
(1) Establish, maintain, and enforce written policies and procedures reasonably designed to protect the privacy of any and all security-based swap transaction information that the security-based swap data repository receives from a security-based swap dealer, counterparty, or any registered entity. Such policies and procedures shall include, but are not limited to, policies and procedures to protect the privacy of any and all security-based swap transaction information that the security-based swap data repository shares with affiliates and non affiliated third parties; and
(2) Establish and maintain safeguards, policies, and procedures reasonably designed to prevent the misappropriation or misuse, directly or indirectly, of:
(i) Any confidential information received by the security-based swap data repository, including, but not limited to, trade data, position data, and any nonpublic personal information about a market participant or any of its customers;
(ii)Material, nonpublic information; and/or
(iii) Intellectual property, such as trading strategies or portfolio positions, by the security-based swap data repository or any person associated with the security-based swap data repository for their personal benefit or the benefit of others. Such safeguards, policies, and procedures shall address, without limitation:
(A) Limiting access to such confidential information, material, nonpublic information, and intellectual property;
(C) Adequate oversight to ensure compliance with this subparagraph.