Browse FINRA SIE & Series Exam Guides

Series 82 Privacy and Information Security Disclosures Guide

May 12, 2026

Study privacy and information security disclosures for FINRA Series 82 with learning objectives, private-placement workflow controls, decision rules, and exam traps.

On this page

This Series 82 lesson covers privacy and information security disclosures within Opening Accounts and Evaluating Customer Profiles. Read it as a private-placement representative workflow topic, not as a general securities-law outline. The exam usually asks what the representative, firm, or supervisor should do next when a private offering fact pattern creates a communication, eligibility, recommendation, documentation, or processing issue.

For this section, the working frame is account opening, identity screening, legal authority, privacy, customer profile, and supervisory approval. Strong answers complete the account and investor-profile record before accepting a subscription or treating the customer as approved.

Learning Objectives

  • Explain the purpose of privacy notices at a high level and identify when initial privacy disclosures are typically delivered.
  • Explain opt-out notice concepts at a high level and identify when customers may have choices about information sharing.
  • Identify disclosure limitations and exceptions at a high level and explain why some sharing is permitted for servicing, legal, or regulatory purposes.
  • Identify safeguards expectations for nonpublic personal information (NPI) and the control objective of preventing unauthorized access (high level).
  • Given a scenario involving sharing private offering materials containing customer data, identify what information should be minimized or protected and how (high level).
  • Explain how privacy and information security controls interact with electronic onboarding and e-signature workflows (high level).
  • Given a suspected data incident scenario, select the best immediate steps (contain, escalate, document, and notify) at a high level.
  • Identify record retention expectations for privacy notices, opt-out elections, and information security control evidence (high level).

Exam Focus

Series 82 questions in this area usually combine a private offering fact with a required control step. Do not stop at naming the rule or document. Ask what the rule or document does in the transaction workflow: does it limit who may be contacted, prove investor status, support a recommendation, preserve a disclosure, or stop a transaction from being processed incorrectly?

The strongest answer is normally conservative and procedural. It gathers missing facts, uses the controlling offering document, obtains required approvals, documents the customer-specific basis, or escalates the issue instead of improvising at the representative level.

How to Apply This Section

Use this four-step sequence when a vignette feels crowded:

StepQuestionWhy it matters
Identify the offering factWhat private placement, exemption, investor, document, recommendation, or transaction step is being tested?It keeps the question inside the Series 82 lane.
Find the missing controlIs the issue approval, eligibility, disclosure, profile fit, recordkeeping, or processing?Most wrong answers skip the control step.
Match the customer or documentDoes the customer profile, subscription file, PPM, agreement, or firm record support the action?Private offerings depend on documented support.
Choose the next stepShould the representative proceed, correct, disclose, document, obtain approval, or escalate?Series 82 often tests next-action judgment.

Decision Table

If the stem includes…First concernStronger answer pattern
entity account or trust signerlegal authoritycollect and verify authorization documents before accepting instructions
incomplete customer profileKYC and recommendation supportgather missing financial, objective, liquidity, and concentration facts
red flags or suspicious activityscreening and escalationfollow firm escalation procedures before opening or continuing the account
customer information request or privacy issueinformation securityapply privacy controls and disclose only as permitted

What Stronger Answers Usually Do

  • keep the analysis inside the limited private securities offerings role
  • verify investor status, customer profile, and authority before relying on investor interest
  • treat the PPM, subscription documents, customer profile, and firm records as evidence, not paperwork
  • escalate communications, compensation, suspicious activity, complaint, or processing defects when the representative cannot resolve them alone

Common Pitfalls

  • confusing accredited status with full profile approval
  • accepting incomplete entity or authority documents
  • treating privacy and suspicious-activity concerns as paperwork details
  • choosing the answer that completes the sale fastest instead of the answer that preserves the required control
  • memorizing labels without knowing what the representative must do with the information

Review Checklist

Before leaving this section, make sure you can answer these prompts from memory:

  • Explain the purpose of privacy notices at a high level and identify when initial privacy disclosures are typically delivered.
  • Explain opt-out notice concepts at a high level and identify when customers may have choices about information sharing.
  • Identify disclosure limitations and exceptions at a high level and explain why some sharing is permitted for servicing, legal, or regulatory purposes.
  • Identify safeguards expectations for nonpublic personal information (NPI) and the control objective of preventing unauthorized access (high level).
  • Given a scenario involving sharing private offering materials containing customer data, identify what information should be minimized or protected and how (high level).
  • Explain how privacy and information security controls interact with electronic onboarding and e-signature workflows (high level).
  • Given a suspected data incident scenario, select the best immediate steps (contain, escalate, document, and notify) at a high level.
  • Identify record retention expectations for privacy notices, opt-out elections, and information security control evidence (high level).
  • State what document, approval, disclosure, or customer fact would prove the correct next step.
  • Explain when the representative should stop and escalate rather than proceed.

Key Takeaways

  • Series 82 is narrow; keep every answer inside the private-placement representative workflow.
  • The best answer usually documents, verifies, discloses, approves, or escalates before proceeding.
  • Investor eligibility, customer profile, offering documents, and firm records work together; no single label solves the whole question.
  • When two answers sound plausible, choose the one that leaves the firm with the cleaner supervisory record.
Revised on Friday, May 29, 2026
2.3 Account Authorizations & Legal Documents
2.5 Investment Profile & Investor Verification