Investment advisers are required by law to inform their clients of their policies regarding privacy of client information. We are bound by professional standards of confidentiality that are even more stringent than those required by law.
Federal law gives the customer the right to limit some but not all sharing of personal information. It also requires us to tell you how we collect, share, and protect your personal information.
TYPES OF NONPUBLIC PERSONAL INFORMATION (NPI) WE COLLECT
We collect nonpublic personal information about you that is either provided to us by you or obtained by us with your authorization. This can include but is not limited to your Social Security Number, Date of Birth, Banking Information, Financial Account Numbers and/or Balances, Sources of Income, and Credit Card Numbers or Information. When you are no longer our customer, we may continue to share your information only as described in this notice.
PARTIES TO WHOM WE DISCLOSE INFORMATION
All Investment Advisers may need to share personal information to run their everyday business. In the section below, we list the reasons that we may share your personal information:
WE DO NOT DISCLOSE YOUR INFORMATION FOR
Clients may opt out of sharing information for joint marketing to other financial companies, to our affiliates and to non-affiliates. If you are a new customer, we may begin sharing your information on the day you sign our agreement. When you are no longer our customer, we may continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.
PROTECTING THE CONFIDENTIALITY OF CURRENT AND FORMER CLIENTS’ INFORMATION
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law, including computer safeguards, secured files, and a secured building.
FEDERAL LAW GIVES YOU THE RIGHT TO LIMIT SHARING – OPTING OUT
Federal law allows you the right to limit the sharing of your NPI by “opting-out” of the following: sharing for non-affiliates’ everyday business purposes – information about your creditworthiness; sharing with affiliates who use your information to market to you; or sharing with non-affiliates to market to you. State laws and individual companies may give you additional rights to limit sharing. Please notify us immediately if you choose to opt out of these types of sharing.
DEFINITIONS: Affiliates – companies related by common ownership or control. They can be financial and non-financial companies; Non-affiliates – companies not related by common ownership or control. They can be financial and non-financial companies; Joint marketing – a formal agreement between non-affiliated financial companies that together market financial products or services to you.
Barnai Asset Management’s top priority is the security and privacy of clients’ personal information, and cybersecurity plays an essential role in protecting clients’ nonpublic information. BAM continually researches and reviews potential threats and recommended precautions to protect against those threats, from credible sources including the US Securities and Exchange Commission.
ELECTRONIC FILES & DATABASES
BAM does not store any client information on internal servers, computer hard drives or external hard drives. All client information and documents are stored at Redtail Technology data centers and Carbonite data centers. BAM has thoroughly reviewed and approved both Redtail Technology’s and Carbonite’s security and privacy policies, as well as their back-up and recovery plans.
PASSWORD POLICY & 2-STEP VERIFICATION
BAM employees and access persons are required to use different alphanumeric passwords for all online accounts. They are also required to change all of their passwords either quarterly or annually, depending on the individual system and the client information stored within it. In addition, BAM educates employees and access persons on the importance of enabling multi-factor authentication for all subscribed services that offer it.
ANTIVIRUS SOFTWARE & FIREWALL PROTECTION
All BAM computers have up-to-date antivirus software and/or use a firewall to prevent unauthorized applications, programs, or services from accepting incoming connections.
BAM-Initiated Communication: BAM communicates with clients regularly using email and phone. The only employees of BAM who will contact clients are Adam Barnai and Caitlin Erwin. If an information request appears suspicious, BAM advises clients to contact Adam Barnai or Caitlin Erwin to verify that it is a legitimate BAM request before providing any information. BAM never requests or sends sensitive, personal information by email. BAM may gather sensitive client information through forms sent via DocuSign, secure electronic platforms, or by phone.
Clients Contacting BAM: BAM only responds to emails in which the email address and client are recognized. If an email is received that is not recognized as belonging to a client or if the email is suspicious in nature, BAM will call the client to verify the authenticity of the email. BAM will not email requested confidential information such as account numbers, social security numbers, and passwords. BAM initially verifies client phone calls by telephone numbers on record and/or voice recognition. If BAM is uncertain as to the identity of the caller, BAM will verify identity by asking for the client’s date of birth, address, and/or the last four digits of their social security number.
SSG Institutional is BAM’s official brokerage firm. From time to time, SSG may require additional client information or may need to verify client information; SSG will contact clients directly for such information. If a client is uncertain as to the validity of the request, BAM encourages the client to refrain from providing information until contacting BAM. SSG regularly emails clients notifications of quarterly statements, trade confirmations, and other account information.
BAM encourages clients to: change their passwords regularly; not use the same password for multiple accounts; not share their passwords with anyone; and keep social media profiles private.
SOCIAL MEDIA SECURITY
BAM, as a business entity, does not have or utilize any social media accounts at this time. All BAM employees and access persons have been educated on the importance of keeping personal social media profiles private in order to protect their personal information from attackers who may try to phish for it.
SECURITY & PRIVACY REVIEW OF THIRD PARTIES
BAM obtains and reads all security and privacy policies before subscribing to individual services of third-party providers to ensure that they take necessary and recommended precautions to protect clients’ security and privacy. In addition to initial reviews of these third-party policies, BAM thoroughly reviews all third-party privacy policies and technology services security at least once annually.
DATA BACK-UP & RECOVERY
BAM business data and client information are backed up regularly to multiple secure data centers. Recovery of backed-up information is provided upon request by the individual systems storing the back-ups, and BAM employees are able to access back-ups from Carbonite data centers anytime they are needed.
CYBERSECURITY RISK ASSESSMENT
BAM conducts annual technology security risk assessments to prevent cyber attacks and security breaches, and to develop any improvements. This includes interviewing employees and access persons to determine that they are following all BAM security policies regularly. It also includes reviewing the security and privacy statements for all applicable third parties to confirm they are taking the necessary cybersecurity precautions.
Cybersecurity Attack or Breach of Client Information Plan:
Please call if you have any questions. Your personal information security, our professional ethics, and the ability to provide you with qu