United States: SEC Proposes Amendments To Its Privacy Rules (Regulation S-P)

Originally published April 8, 2008

Keywords: SEC, privacy rules, Regulation S-P, Gramm-Leach Bliley, GLBA, privacy policies, FTC, information security, security breach, response requirement, safeguards, disposal rule

The Securities and Exchange Commission (SEC) is proposing to amend Regulation S-P1 to require broker-dealers, investment companies, registered investment advisers and registered transfer agents to adopt comprehensive information security programs.2 In particular, proposed amendments to Sections 15 and 30 of Regulation S-P would create new reporting requirements for institutions that have experienced a breach of information security, introduce mandatory recordkeeping requirements, and limit the client information a registered broker-dealer representative or registered investment adviser representative may take with him or her when that representative moves from one brokerage or advisory institution to another. A summary of the Proposing Release is set forth below.

Background

Section 503 of the Gramm-Leach-Bliley Act (GLBA) requires every financial institution to inform its customers about that institution's privacy policies and practices, and limits the circumstances in which a financial institution may disclose nonpublic personal information about a consumer to a nonaffiliated third party without first giving the consumer an opportunity to opt out of the disclosure.3 Section 504(a) of the GLBA requires various federal regulators, including the SEC, to implement standards for financial institutions overseen by such regulators to safeguard customer information and records.4 In enacting the GLBA, Congress directed the SEC and other federal financial regulators to establish and implement information safeguarding standards requiring financial institutions subject to their jurisdiction to adopt administrative, technical and physical information safeguards.5 In response to the statutory mandate in the GLBA, the SEC promulgated Regulation S-P.6 The other federal regulators adopted substantially similar rules applicable to financial institutions covered by such regulators, and the Federal Trade Commission (FTC) adopted catch-all rules that apply to "financial institutions" not otherwise subject to the jurisdiction of the other federal regulators.7

The SEC is proposing amendments to Regulation S-P to address several concerns. First, there have been an increasing number of information security breaches involving the institutions that it regulates and there is a potential for identity theft and other misuse of personal financial information.8 Second, the SEC is concerned that some institutions in the securities industry are not regularly reevaluating and updating their information safeguarding programs to deal with the increasingly sophisticated methods of attack, such as "phishing" sites that target the financial sector.9 Finally, the SEC believes that departing representatives of institutions may have a strong incentive to transfer as much customer information as possible to their new institutions and that information may be transferred without adequate supervision, in contradiction of privacy notices provided to customers, or potentially in violation of Regulation S-P.10 The Proposing Release is intended to address these specific information security concerns and provide a framework under which institutions with departing representatives could share limited customer contact information and could supervise the information transfer to the representatives' new institutions.

Information Security Program

Under the proposed amendments to Section 30(a)(3) of Regulation S-P, every broker-dealer (other than a notice-registered broker-dealer), investment company, investment adviser registered with the SEC11 and transfer agent registered with the SEC (Covered Institutions) would be required to develop, implement and maintain a comprehensive "information security program" for protecting personal information and responding to unauthorized access to or use of personal information. Initially this would require Covered Institutions to: designate, in writing, one or more employees to coordinate the information security program; identify, in writing, reasonably foreseeable security risks that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of personal information or personal information systems; create a written record of the design and implementation of their safeguards to control identified risks; train staff to implement the information security program; and oversee service providers and document that oversight in writing.12 Proposed amended Section 30(a)(3)(vi) of Regulation S-P also would require institutions to take reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for personal information, document this finding, and enter into contracts with the service providers to implement and maintain appropriate safeguards. Reasonable steps could include the use of a third-party review of those safeguards such as a Statement of Auditing Standards No. 70 (SAS 70) report, a SysTrust report, or a WebTrust report.13

Security Breach Response Requirements

Covered Institutions also would have to adopt new written procedures relating to security breach incidents. Under proposed Section 30(a)(4), Covered Institutions would be required to have written procedures to: assess any incident involving unauthorized access or use and identify, in writing, what personal information systems and what types of personal information may have been compromised; take steps to contain and control the incident to prevent further unauthorized access or use and document all such steps taken in writing; promptly conduct a reasonable investigation and determine, in writing, the likelihood that the information has been or will be misused after the institution becomes aware of any unauthorized access to sensitive personal information; and notify individuals with whom the information is identified as soon as possible (and document the provision of such notification in writing) if the institution determines that misuse of the information has occurred or is reasonably possible.14

Moreover, Section 30(a)(4) of Regulation S-P would require an institution to provide notice to the SEC (or for certain broker-dealers, their designated examining authority) using Proposed Form SP-30 as soon as possible after the institution becomes aware of any incident of unauthorized access to or use of personal information in which there is a significant risk that an individual identified with the information might suffer substantial harm or inconvenience, or in which an unauthorized person has intentionally obtained access to or used sensitive personal information.15 A prompt response, in accordance with existing SEC guidance on the timely production of records, would be necessary in circumstances involving ongoing misuse of sensitive personal information.16 Information submitted to the SEC on Form SP-30 would be accorded confidential treatment to the extent permitted by law.17

Proposed Section 30(d)(10) of Regulation S-P would define "sensitive personal information" to mean "any personal information, or any combination of components of personal information, that would allow an unauthorized person to use, log into, or access an individual's account, or to establish a new account using the individual's identifying information," including the individual's Social Security number, or any one of the individual's name, telephone number, street address, e-mail address or online user name, in combination with any one of the individual's account number, credit or debit card number, driver's license number, credit card expiration date or security code, mother's maiden name, password, personal identification number, biometric authentication record, or other authenticating information.

Proposed Section 30(a)(5) of Regulation S-P would require notice to affected individuals as soon as possible, although Covered Institutions may delay notification if law enforcement requests in writing such a delay while it completes its criminal investigation.18 The notice would be required to: describe the incident and the type of information that was compromised, and what was done to protect the individual's information from further unauthorized access or use; include a toll-free telephone number or other contact information for further information and assistance from the institution; recommend that the individual review account statements and immediately report any suspicious activity to the institution; and include information about FTC guidance regarding the steps an individual can take to protect him or her against identity theft, a statement encouraging the individual to report any incidents of identity theft to the FTC, and the FTC's web site address and toll-free telephone number for obtaining identity theft guidance and reporting suspected incidents of identity theft.

Proposed Section 30(a)(5) of Regulation S-P also would require notice of unauthorized access or use of sensitive personal information to be delivered by "a means designed to ensure that the individual can reasonably be expected to receive it." It is unclear whether notices could be provided via electronic mail under this proposed provision. Banking agencies have reached the conclusion that an institution may choose to provide notices to all affected customers by telephone or by mail, or for those customers who conduct transactions electronically, using electronic mail notice.19

Extending the Scope of Safeguards and the Disposal Rule

Section 216 of the Fair and Accurate Credit Transactions Act of 2003 (the "FACT Act") requires banks, broker-dealers and other regulated entities to develop and maintain controls to ensure that they properly dispose of "consumer report information."20 Section 30(b)(ii), which effectively implemented this statutory mandate when it was adopted in 2004, defines "consumer report information" as any record about an individual, whether in paper, electronic, or other form that is a consumer report or that is derived from a consumer report.

The Proposing Release would amend Section 30(a) (the "safeguards rule") and Section 30(b) (the "disposal rule") under Regulation S-P so that both protect "personal information," and would define the term "personal information" to encompass any record containing either "nonpublic personal information" or "consumer report information." This will expand the scope of information covered by the disposal rule beyond the requirements of Section 216 of the FACT Act and those requirements imposed upon financial institutions by the federal banking agencies. "Personal information" also would include information identified with any consumer, or with any employee, investor, or securityholder who is a natural person, in paper, electronic or other form, that is handled by the institution or maintained on the institution's behalf. The Proposing Release also would make a conforming change to the definition of "personally identifiable financial information" by including, within the definition, information that is handled or maintained by a Covered Institution or on its behalf, and that is identified with any consumer, or with any employee, investor, or securityholder who is a natural person.

The safeguards rule currently applies to broker-dealers, registered investment advisers, and investment companies, but proposed Section 30(d)(14) of Regulation S-P would extend the safeguards rule to registered transfer agents by including information about individual investors maintained by registered transfer agents in the definition of "personal information." The disposal rule currently applies to broker-dealers, registered investment advisers, and investment companies, as well as to registered transfer agents, and proposed Section 30(b)(1) of Regulation S-P would extend the disposal rule to natural persons who are associated persons of a broker-dealer, supervised persons of a registered investment adviser, and associated persons of a registered transfer agent.21

Records of Compliance Requirement

The proposed amendments to Section 30 of Regulation S-P discussed above will, if adopted, require Covered Institutions to document that they have complied with the elements required to develop, maintain and implement the policies and procedures for protecting and disposing of personal information, including procedures relating to incidents of unauthorized access to, or misuse of, personal information. The periods of time for which the records would have to be preserved would vary by institution and would need to be consistent with existing recordkeeping rules. Broker-dealers would have to preserve the records for a period of not less than three years, the first two years in an easily accessible place as is generally required under Rule 17a-4 of the Securities Exchange Act of 1934. Registered transfer agents would have to preserve the records for a period of not less than two years, the first year in an easily accessible place. Investment companies would have to preserve the records for a period of not less than six years, the first two years in an easily accessible place. Registered investment advisers would have to preserve the records for five years, the first two years in an appropriate office of the investment adviser.

Information Disclosure When Representatives Leave Their Institutions

Proposed amendments to Section 15 of Regulation S-P will provide a framework under which institutions with departing representatives could share limited customer contact information and could supervise the information transfer to the representatives' new institutions. In particular, proposed Section 15(a)(8) provides an exception to the initial notice requirement in Section 4(a)(2), the opt-out requirements in Sections 7 and 10, and the initial notice requirement in connection with service providers and joint marketing in Section 13 of Regulation S-P. Section 15(a)(8) would limit an institution's disclose to the customer's name, a general description of the type of account and products held by the customer, and contact information, including address, telephone number and electronic mail information. The SEC considered an alternative approach that would require all institutions to include specific notice and opportunity to opt out of this information sharing in their initial and annual privacy notices.22 The SEC has not chosen the alternative approach and has instead chosen an approach that does not require specific disclosure.

Registered broker-dealers and registered investment advisers seeking to rely on the proposed exception would have to require their departing representatives to provide to them, no later than each representative's separation from employment, a written record of the information that would be disclosed pursuant to the exception, and broker-dealers and registered investment advisers would be required to preserve such records consistent with the proposed recordkeeping provisions of Section 30 of Regulation S-P.23 Under this limitation, an institution may not require or expect a representative from another institution to bring more information than necessary for the representative to solicit former clients.24

Endnotes

1 Regulation S-P is codified at 17 C.F.R. pt. 248.1 et seq.

2 See Exchange Act Release No. 57,427 (March 4, 2008), 73 Fed. Reg. 13,692 (March 13, 2008) (the "Proposing Release"), available at http://www.sec.gov/rules/proposed/2008/34-57427fr.pdf.

3 15 U.S.C. § 6803. As an aside, Regulation S-P's disclosure and opt-out requirements apply only to "nonpublic personal information" about "consumers" or "customers" (each a defined term). Under Section 3(g)(1) of Regulation S-P, a consumer is any individual who obtains a financial product or service that is to be used primarily for personal, family or household purposes. Under Section 3(j) of Regulation S-P, a customer is a consumer who has a continuing relationship with a financial institution. The distinction between "customer" and "consumer" is significant because the notice requirements are different for each type of relationship. Pursuant to Sections 14 and 15 of Regulation S-P, a financial institution must provide notice of its privacy policy to a "customer" when the customer relationship is formed and at least annually throughout the customer relationship. In contrast, a financial institution is required to provide notice of its privacy policy to a "consumer" only if it intends to disclose nonpublic personal information about the consumer to a nonaffiliated third party for purposes other than those permitted by Sections 14 and 15 of Regulation S-P.

4 15 U.S.C. § 6805(b)(1)-(2).

5 See 15 U.S.C. § 6801(b).

6 See Exchange Act Release No. 42,974 (June 22, 2000), 65 Fed. Reg. 40,334 (June 29, 2000); see also Exchange Act Release No. 44,730 (Aug. 21, 2001), 66 Fed. Reg. 45,138 (Aug. 27, 2001) (amending Regulation S-P to permit "notice registered broker-dealers"—i.e., futures commission merchants and introducing brokers that are registered by notice as broker-dealers in order to conduct business in security futures products under Section 15(b)(11)(A) of the Exchange Act—to comply with Regulation S-P by complying with financial privacy rules that the Commodity Futures Trading Commission adopted); see also Exchange Act Release No. 2332 (Dec. 2, 2004), 67 Fed. Reg. 71,322 (Dec. 8, 2004) (adopting the disposal rule under Section 30(b) of Regulation S-P and amending Regulation S-P to require that policies and procedures that institutions must adopt under Section 30(a) of Regulation S-P be in writing).

7 See 65 Fed. Reg. 33,646 (May 24, 2000) (adopting the FTC's privacy rules).

8 See Proposing Release at 13,693. In particular, the SEC notes a recent administrative proceeding, In re NEXT Financial Group Inc., Exchange Act Release No. 56,316 (Aug. 24, 2007).

9 See Proposing Release at 13,694.

10 See id. at 13,702. It appears that proposed amendments to Section 15 of Regulation S-P have been influenced by the existence of a so-called "recruiting protocol" developed in 2004. In the Proposing Release, the SEC notes that certain large broker-dealers entered into a protocol under which signatories agreed not to sue one another for recruiting one another's registered representatives, if the representatives take only limited client information to another participating firm. The SEC also notes that, under the protocol, the information that a departing representative may take to another firm is limited to each client's name, address, a general description of the type of account and products held by the client, and the client's phone number and e-mail address. Under the protocol, this information may be used at the representative's new firm only by the representative, and only for the purpose of soliciting the representative's former clients. Curiously, the Proposing Release does not address the key issue of whether users of the protocol may be considered compliant with Regulation S-P by the SEC.

11 Unregistered advisers, including state-registered advisers, are treated as "financial institutions" and are subject to FTC rules. See 15 U.S.C. § 6809(3)(A) (defining "financial institution" as "any institution the business of which is engaging in financial activities as described in section 1843(k) of title 12").

12 These requirements are similar to those adopted by the federal banking agencies and imposed on depository institutions. See, e.g., 12 C.F.R. Part 30, Appendix B (applicable to national banks).

13 See Codification of Accounting Standards and Procedures, Statement on Auditing Standards No. 70, Reports on Processing of Transactions by Service Organizations (American Inst. of Certified Public Accountants); see also Proposing Release at 13,696 n.41.

14 The requirements set forth in the Proposing Release are very similar to those imposed by the federal banking agencies. See Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Notice, 70 Fed. Reg. 15,736 (March 29, 2005).

15 The federal banking agency guidance on the required regulatory notification in the event of a security breach is broader than the SEC's significant risk standard in proposed Section 30(a)(4)(v)(A) of Regulation S-P. The federal banking agency guidance requires notice to the appropriate regulatory agency even in circumstances where there is no significant risk to customers. The federal banking agency made a conscious decision to adopt different standards for the required notice to regulators and the required notice to customers. See 70 Fed. Reg. 15,741 (March 29, 2005) ("The Agencies have concluded that the standard for notification to regulators should provide an early warning to allow an institution's regulator to assess the effectiveness of an institution's response plan, and, where appropriate, to direct that notice be given to customers if the institution has not already done so.").

16 See Proposing Release at 13,698.

17 See 17 C.F.R. § 200.83 (providing a procedure by which persons submitting information to the SEC can request that the information not be disclosed pursuant to a request under the Freedom of Information Act (5 U.S.C. § 552)).

18 In the case of a hacking or any suspicious transaction relevant to a possible violation of law or regulation, a broker-dealer may need to file a suspicious activity report. See 31 C.F.R. § 103.19 (requiring every registered broker-dealer to file with the Financial Crimes Enforcement Network, a bureau of the U.S. Department of Treasury, a report of any suspicious transaction relevant to a possible violation of law or regulation).

19 See 70 Fed. Reg. 15,736, 15,753 (2005).

20 See 15 U.S.C. § 1681w.

21 The term "associated person of a broker or dealer" would be defined by proposed paragraph (d)(1) of Section 30 to have the same meaning as in Section 3(a)(18) of the Exchange Act (15 U.S.C. § 78c(a)(18)). The term "supervised person of an investment adviser" would be defined by proposed paragraph (d)(13) of Section 30 to have the same meaning as in Section 202(a)(25) of the Investment Advisers Act (15 U.S.C. § 80b-2(a)(25)). The SEC proposed to include "supervised" persons of an investment adviser, rather than "associated" persons, in order to include all employees, including clerical employees, of an investment adviser who may be responsible for disposing of personal information. See Proposing Release at 13,701 n.87.

22 See id. at 13,703.

23 See id. at 13,701.

24 See id. at 13,703.



Comments on the Proposing Release should be submitted to the SEC on or before May 12, 2008.

* * * * * * * * * *


Learn more about our Financial Services Regulatory & Enforcement practice.

Mayer Brown is a global legal services organization comprising legal practices that are separate entities ("Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP, a limited liability partnership established in the United States; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales; and JSM, a Hong Kong partnership, and its associated entities in Asia. The Mayer Brown Practices are known as Mayer Brown JSM in Asia.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.

Copyright 2008. Mayer Brown LLP, Mayer Brown International LLP, and/or JSM. All rights reserved.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Topics
 
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions