Skip to main content

Protecting Personal Information in Registration Form Filings

Firms and associated persons are required to provide complete, up-to-date and accurate information on registration forms (e.g., Form BD, Form U4, Form U5 and other forms) (“Filings”). Some of the information required to complete these Filings is personal information. Please review the guidance provided on this page on how to protect this information.

Personal Information Required

As a matter of course, some personal information is required to complete the Filings. For example, Form U4 General Information requires the filer to provide his/her Social Security Number (SSN). Most required personal information is entered into specific, defined text fields, where the inclusion of such data is expected. This allows for protection of those fields from inadvertent disclosure.

Personal Information May Be Required

Sometimes Filings require that you enter information that in some instances may be personal information. For example, the Form U4 Judgment/Lien Disclosure Reporting Page requests the “Docket/Case#” of the case related to the judgment or lien. The Docket/Case# is usually public information. However, in some limited cases it may be an SSN, bank card number or other personal identification number. In such circumstances, the Form U4 provides a means to alert users that the particular Docket/Case# is personal information by checking a box next to the field that requests the Docket/Case#. If the box is checked, it will alert users that the particular Docket/Case# reflects personal information. If the box is not checked, the particular Docket/Case# will be treated as a public Docket/Case#.

Personal Information Not Required

Filings frequently solicit information in response to a more general question that does not require personal information. For example, the Form U4 Customer Complaint/Arbitration/Civil Litigation DRP requests that you provide “Allegation(s) and a brief summary of the events related to the allegation(s).” When providing the requested allegations and summary, do not include personal information specific to a broker, customer or any other individual. Refrain from providing specific account numbers (such as “Account # XYZ-1234567”), and instead provide a description of the customer’s account (such as, “Customer Account 1,” “insurance account,” or “variable annuity A”). When providing a narrative response to an open-ended question, do not include personal information of any kind. Instead, use descriptive information that does not include personal information to provide the complete, up-to-date and accurate required response.

Remember to only provide personal information about customers in response to specific questions that solicit that information. For example, the Form U4 Customer Complaint/Arbitration/Civil Litigation DRP requests that you provide a “Customer Name” in response to Question 1. The customer name should not be included in response to the “Allegation(s) and a brief summary of the events related to the allegation(s)” or “Comment” questions. When responding to those questions, use a description such as “customer” or “Customer 1.”

If you have questions about how to appropriately complete a filing and protect personal information, please contact FINRA or your state securities regulator.