Under amended FINRA Rule 8210 - effective on 12/29/10 - information that a firm provides via a portable media device in response to a FINRA RFI (request for information), under FINRA Rule 8210) must be encrypted.

    Office of General Counsel Contacts:  Emily Gordy, Enforcement @ (202) 974-2916;  Laurie Dzien, Office of General Counsel ("OGC") @ (240) 386-6339;  Stan Macel, OGC @ (202) 728-8056.  

For complete details, click onto:   [FINRA RegNote 10-59, November]

    Background Info.   FINRA Rule 8210, Provision of Information and Testimony and Inspection and Copying of Books, has been amended to require that information provided via a portable media device pursuant to a request under the rule be encrypted, as described in more detail in the announcement.  

Firms and their associated persons often submit electronic-responses to FINRA RFI's - using a CD-ROM, DVD or portable hard drive.  In many instances, responses contain personal information that needs to be safeguarded. 

And so, the amended rule requires that when information responsive to a request pursuant to Rule 8210 is provided on a portable media device, it must be “encrypted” or encoded, and can be opened only with a confidential process or key.  To help ensure that encrypted information is secure, persons providing encrypted information to FINRA via a portable media device are required:

• to use an encryption method that meets industry standards for strong encryption;
• to provide FINRA staff with the confidential process or key - sent under separate cover - i.e., in a separate email, fax or letter.

Currently, FINRA views industry standards for strong encryption to be 256-bit or higher encryption.  Encryption software meeting this standard is widely available as embedded options in desktop applications and through various vendors via the Internet at no cost or minimal cost to the user.