The primary purpose of delivering a privacy policy is to provide customers with clear disclosure about how a financial institution may collect, use, share, and safeguard nonpublic personal information (NPI) and what choices customers may have regarding sharing. That makes B correct. Under privacy requirements such as Regulation S-P (commonly tested on the SIE), firms must inform customers about their privacy practices and provide required notices so customers understand how their personal information is handled.

Choice A is incorrect because privacy policies are not primarily about “public information”; the regulatory focus is on nonpublic personal information, such as account numbers, balances, transaction history, social security numbers, and other sensitive data. Choice C is incorrect because the purpose is not to gather more information for marketing or solicitation; it’s to disclose practices and protect customer information. Choice D is incorrect because privacy policies do not automatically override state laws; privacy regulation involves both federal requirements and, in some cases, state provisions, and firms must comply with applicable laws rather than “removing” them.

On the SIE, you should connect privacy policy delivery to three ideas: (1) disclosure of information-sharing practices, (2) customer rights (such as opt-out where applicable), and (3) safeguards—the firm’s obligation to protect confidential customer information. This aligns with broader customer protection standards and the regulatory framework governing broker-dealer handling of client data.