Last month, the Securities and Exchange Commission fined Morgan Stanley under the Safeguards Rule of the Gramm-Leach-Bliley Act for failing to adequately protect customer records. As IAPP Westin Fellow Gabe Maldoff, CIPP/US, explains in this Privacy Perspectives post, the settlement reveals the SEC’s strict view of what constitutes “reasonable” data security. Even as the Federal Trade Commission investigated Morgan Stanley and declined to bring an enforcement action, the SEC enforcement shows that failing to thwart just one rogue employee, despite having comprehensive security policies and controls in place, may lead to enforcement if the firm has not adequately tested and audited those controls.