Financial Industry Crisis Alert: The Safeguards Rule

Erik Bernstein financial industry crisis management Leave a Comment

Failing to protect customer data almost always results in a reputation hit that impacts the bottom line. The damage doesn’t stop there, though. Early this month Morgan Stanley was slapped with a $1 million fine by the U.S. Securities and Exchange Commission following security lapses that led to customer data being hacked and offered for sale online.

The settlement is due to a violation of the “Safeguards Rule”, and came about as a result of an employee transferring data from hundreds of thousands of accounts to his home computer. The computer was hacked, Morgan Stanley customer data wound up for sale online, and that’s where the SEC came in.

Haven’t heard of the Safeguard Rule? You’re not alone. It’s a federal regulation that states all financial institutions under FTC jurisdiction must have measures in place to keep customer data secure. This includes ensuring that not only your own employees aren’t doing anything to endanger security, but also that your affiliates and service providers are taking measures to protect the data they’re given access to. The definition of “financial institution” is a bit broader than you may think, encompassing  banks and investment groups, along with less expected businesses like real estate appraisers, tax preparers, and courier services. In other words, this rule affects a heck of a lot of organizations.

If this is news to you then you have some work ahead. Establish a plan to protect the data you hold and ensure your partners and employees are doing the same. Assemble a procedure for if you think data has been breached, and get everyone involved in the training they’ll need to actually succeed. In fact, even if this isn’t news for you it would probably be wise to review existing plans for flaws. You may think you have things handled with the plan that’s been sitting on a shelf for several years, but it’s likely there are more than a few holes by now.

The BCM Blogging Team
www.bernsteincrisismanagement.com

 

Leave a Reply