SEC Fines Former Executives For Client Privacy Breach

Published: 22/11/2024   Category: security


Private information on 16,000 customers was transferred to a departing manager's new employer in violation of government notification and opt-out regulations.



The Securities and Exchange Commission (SEC) announced Thursday that it has levied its first-ever fine against people solely for failing to properly protect customer data.
According to the SEC, the charges involve former employees of GunnAllen Financial, a broker-dealer that was winding down its operations last year, prior to being liquidated in November 2010. The SEC said that former president Frederick O. Kraus and former national sales manager David C. Levine violated customer privacy rules by improperly transferring customer records to another firm.
The third person charged was chief compliance officer Mark A. Ellis, for failing to ensure that the firm's policies and procedures were reasonably designed to safeguard confidential customer information, said the SEC. The agency also labeled GunnAllen's data privacy rules and regulations as vague and little more than a rewording of SEC regulations.
Kraus and Levine were ordered to pay penalties of $20,000 each, and Ellis $15,000. None confirmed or denied the SEC's findings.
"Brokerage customers should be able to trust that sufficient safeguards are in place to protect their private information from unauthorized access and misuse," said Eric I. Bustillo, director of the SEC's Miami regional office, in a statement. "Protecting confidential customer information is particularly important when a broker-dealer is winding down operations."
As far as SEC privacy fines go, this case is a first, in that it's the first one in which people were charged only with violating Regulation S-P, which is known as the Safeguard Rule. According to a blog post from attorney Michael Epshteyn, an associate at Hogan Lovells, Regulation S-P requires broker-dealers, investment advisers, and other financial institutions under the SEC's jurisdiction to protect their customers' nonpublic personal information and to provide their customers the right to opt out of having their information shared with unaffiliated third parties.
According to the SEC, Kraus authorized Levine to take information from more than 16,000 GunnAllen accounts to his new employer as the firm wound down operations in April 2010. Levine downloaded customer names and addresses, account numbers, and asset values to a portable thumb drive, and provided the records to his new employer after resigning from GunnAllen.
Customers didn't receive sufficient or advance notice that their data was being shared, said the SEC, and weren't given the required option to opt out.
Interestingly, GunnAllen had been previously involved in at least four breaches involving customer data -- three involving stolen laptops, and one case of a former employee accessing corporate email using stolen credentials. Despite the security breaches, Ellis failed to revise or supplement GunnAllen's policies and procedures for safeguarding customer information, said the SEC.
